VulnerableCode Package Details - pkg:deb/debian/zlib@1:1.2.11.dfsg-2%2Bdeb11u2

Search for packages

Vulnerability	Summary	Fixed by
VCID-ac5e-emja-v3fe Aliases: CVE-2026-27171	zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions	1:1.3.dfsg+really1.3.2-3 Affected by 0 other vulnerabilities.
VCID-v6pc-48dg-4kad Aliases: CVE-2023-45853 GHSA-mq29-j5xf-cjwr	Integer Overflow or Wraparound MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product.	1:1.3.dfsg+really1.3.1-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-ac5e-emja-v3fe
Aliases:
CVE-2026-27171

zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions

1:1.3.dfsg+really1.3.2-3
Affected by 0 other vulnerabilities.

VCID-v6pc-48dg-4kad
Aliases:
CVE-2023-45853
GHSA-mq29-j5xf-cjwr

Integer Overflow or Wraparound MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product.

1:1.3.dfsg+really1.3.1-1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-xd6j-x83x-r3gn	Out-of-bounds Write zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.	CVE-2018-25032 GHSA-jc36-42cf-vqwj
VCID-ys8b-uuv1-pkfm	A buffer overflow in zlib might allow an attacker to cause remote code execution.	CVE-2022-37434

Vulnerability

Summary

Aliases

VCID-xd6j-x83x-r3gn

Out-of-bounds Write zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

CVE-2018-25032
GHSA-jc36-42cf-vqwj

VCID-ys8b-uuv1-pkfm

A buffer overflow in zlib might allow an attacker to cause remote code execution.

CVE-2022-37434

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:54:27.195805+00:00	Debian Importer	Affected by	VCID-ac5e-emja-v3fe	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:02:55.678857+00:00	Debian Importer	Affected by	VCID-v6pc-48dg-4kad	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-15T19:04:05.317209+00:00	Debian Oval Importer	Fixing	VCID-ys8b-uuv1-pkfm	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T18:55:51.176636+00:00	Debian Oval Importer	Fixing	VCID-xd6j-x83x-r3gn	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-13T08:07:41.686801+00:00	Debian Importer	Affected by	VCID-ac5e-emja-v3fe	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:48:03.552032+00:00	Debian Oval Importer	Fixing	VCID-ys8b-uuv1-pkfm	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:40:07.265364+00:00	Debian Oval Importer	Fixing	VCID-xd6j-x83x-r3gn	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:03:58.711113+00:00	Debian Importer	Affected by	VCID-v6pc-48dg-4kad	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-08T19:24:49.629208+00:00	Debian Importer	Affected by	VCID-ac5e-emja-v3fe	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T18:33:01.258542+00:00	Debian Oval Importer	Fixing	VCID-ys8b-uuv1-pkfm	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:25:17.363081+00:00	Debian Oval Importer	Fixing	VCID-xd6j-x83x-r3gn	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-04T17:55:03.945131+00:00	Debian Importer	Affected by	VCID-v6pc-48dg-4kad	https://security-tracker.debian.org/tracker/data/json	38.1.0