AttackFeed by Joe Wagner | zlib v1.3.1.2 Global Buffer Overflow in TGZfname() of zlib untgz Utility via Unbounded strcpy() on User-Supplied Archive Name  - Full Disclosure

zlib v1.3.1.2 Global Buffer Overflow in TGZfname() of zlib untgz Utility via Unbounded strcpy() on User-Supplied Archive Name  – Full Disclosure

Posted on By Joe-W No Comments on zlib v1.3.1.2 Global Buffer Overflow in TGZfname() of zlib untgz Utility via Unbounded strcpy() on User-Supplied Archive Name  – Full Disclosure
Alert Feeds

 

Posted by Ron E on Jan 05

A global buffer overflow vulnerability exists in the TGZfname() function of
the zlib untgz utility due to the use of an unbounded strcpy() call on
attacker-controlled input. The utility copies a user-supplied archive name
(argv[arg]) into a fixed-size static global buffer of 1024 bytes without
performing any length validation. Supplying an archive name longer than
1024 bytes results in an out-of-bounds write past the end of the global
buffer,…
 – Read More  – Full Disclosure 

You may also like

Alert Feeds
Backdoor.Win32.Netbus.170 / Insecure Credential Storage / MVID-2025-0703  – Full Disclosure
December 28, 2025
Alert Feeds
APPLE-SA-11-03-2025-6 watchOS 26.1  – Full Disclosure
November 7, 2025
Alert Feeds
Stored HTML Injection – flatpressv1.4.1  – Full Disclosure
September 23, 2025
Alert Feeds
nopCommerce 4.90.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Schedule Tasks functionality  – Full Disclosure
December 16, 2025

Leave a Reply

AttackFeed by Joe Wagner
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.