Vulnerability in the Zlib library is finally fixed after 17 years

Source: https://cobaltstrike.net/2022/03/31/vulnerability-in-the-zlib-library-is-finally-fixed-after-17-years/



A seventeen-year-old vulnerability has been fixed in the widely used Zlib data compression library. Exploiting the vulnerability allowed attackers to crash applications and services.

Software that uses Zlib to compress user-provided data may crash due to an out-of-bounds write if that data has been specially formatted. Depending on how the user-controlled information is used, some backup and logging operations could, for example, suddenly stop. Document viewing and editing programs might fail to open files, and browser windows or tabs might crash.

The vulnerability was rated 7.5 on the CVSS scale. The problem is made more serious by the fact that the open source Zlib library is so widely used. The DEFLATE algorithm of the Zlib library, which became an Internet standard in 1996, appears in many file formats and protocols for data compression and decompression, so software that processes input data is likely to use zlib. Such programs include Mozilla Firefox, Microsoft Edge, Chromium and To, Xpdf, VLC media player, software compatible with Microsoft Word and Excel, LibreOffice, the GIMP image editor, etc.

The patch is available on GitHub, and information security experts recommend updating Zlib to version 1.2.12. The Linux distributions Ubuntu and Alpine have also included the fix in their latest releases.
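Because zlib is usually a shared library updated by the distribution, the version a program was built against and the one actually loaded at run time can differ. The following is an added example (not code from the article or the zlib project) that uses only the Python standard library to report both versions and check them against the 1.2.12 threshold the article cites; the version-string parsing and the distribution-suffix handling are this example's own assumptions.

```python
"""Check whether the zlib linked into this interpreter is at or above 1.2.12.

Added example, not part of the original article. Assumes only the Python
standard library; the threshold 1.2.12 is the fixed version the article cites.
"""
import re
import zlib

FIXED_VERSION = "1.2.12"


def parse_version(version: str) -> tuple:
    """Turn a zlib version string such as '1.2.11' or '1.2.11.1-motley'
    into a tuple of integers for comparison. Trailing non-numeric
    suffixes (distribution tags, assumed format) are ignored."""
    numbers = re.match(r"^(\d+(?:\.\d+)*)", version.strip())
    if not numbers:
        raise ValueError(f"unrecognised zlib version string: {version!r}")
    return tuple(int(part) for part in numbers.group(1).split("."))


def is_patched(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `version` is at or above the fixed release."""
    return parse_version(version) >= parse_version(fixed)


def runtime_report() -> dict:
    """Report the zlib the interpreter was compiled against versus the one
    actually loaded at run time; the two can differ on systems where zlib
    is a shared library that the distribution has updated separately."""
    return {
        "compiled_against": zlib.ZLIB_VERSION,
        "runtime": zlib.ZLIB_RUNTIME_VERSION,
        "runtime_patched": is_patched(zlib.ZLIB_RUNTIME_VERSION),
    }


if __name__ == "__main__":
    for key, value in runtime_report().items():
        print(f"{key}: {value}")
```

The same comparison applies to any other process that loads zlib dynamically; the runtime version is the one that matters for the fix.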
