The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2002-06-25T04:00:00

Updated: 2024-08-08T02:35:17.400Z

Reserved: 2002-02-07T00:00:00

Link: CVE-2002-0059

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2002-03-15T05:00:00.000

Modified: 2024-11-20T23:38:12.263

Link: CVE-2002-0059

cve-icon Redhat

Severity : Moderate

Publid Date: 2002-03-09T00:00:00Z

Links: CVE-2002-0059 - Bugzilla