Package details: pkg:deb/debian/zlib@1:1.1.4-1.0woody0
purl pkg:deb/debian/zlib@1:1.1.4-1.0woody0
Next non-vulnerable version 1:1.3.dfsg+really1.3.1-1
Latest non-vulnerable version 1:1.3.dfsg+really1.3.1-1
Risk 10.0
Vulnerabilities affecting this package (10)
Vulnerability Summary Fixed by
VCID-4z6g-shu4-ybb1
Aliases:
CVE-2016-9840
1:1.2.8.dfsg-5
Affected by 2 other vulnerabilities.
VCID-7sex-snjb-mbby
Aliases:
CVE-2022-37434
1:1.2.11.dfsg-2+deb11u2
Affected by 1 other vulnerability.
VCID-azcr-mb8m-j3am
Aliases:
CVE-2016-9843
1:1.2.8.dfsg-5
Affected by 2 other vulnerabilities.
VCID-ka82-xmqg-6kd8
Aliases:
CVE-2005-2096
1:1.2.3-13
Affected by 6 other vulnerabilities.
VCID-mtzw-nkcm-wfcn
Aliases:
CVE-2018-25032
GHSA-jc36-42cf-vqwj
GHSA-v6gp-9mmm-c6p5
GMS-2022-787
Out-of-bounds Write in zlib affects Nokogiri

## Summary

Nokogiri v1.13.4 updates the vendored zlib from 1.2.11 to 1.2.12, which addresses [CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032). That CVE is scored as CVSS 7.4 "High" on the NVD record as of 2022-04-05.

Please note that this advisory only applies to the CRuby implementation of Nokogiri `< 1.13.4`, and only if the packaged version of `zlib` is being used. Please see [this document](https://nokogiri.org/LICENSE-DEPENDENCIES.html#default-platform-release-ruby) for a complete description of which platform gems vendor `zlib`. If you've overridden defaults at installation time to use system libraries instead of packaged libraries, you should instead pay attention to your distro's `zlib` release announcements.

## Mitigation

Upgrade to Nokogiri `>= v1.13.4`.

## Impact

### [CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032) in zlib

- **Severity**: High
- **Type**: [CWE-787](https://cwe.mitre.org/data/definitions/787.html) Out of bounds write
- **Description**: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
1:1.2.11.dfsg-1+deb10u1
Affected by 2 other vulnerabilities.
1:1.2.11.dfsg-2+deb11u2
Affected by 1 other vulnerability.
VCID-n8pd-mcnp-j7g8
Aliases:
CVE-2003-0107
1:1.2.2-4.sarge.2
Affected by 8 other vulnerabilities.
VCID-rbj6-jwzz-rkaj
Aliases:
CVE-2016-9842
1:1.2.8.dfsg-5
Affected by 2 other vulnerabilities.
VCID-s6gw-xj58-nfcb
Aliases:
CVE-2005-1849
1:1.2.3-13
Affected by 6 other vulnerabilities.
VCID-ta5z-87j9-xbez
Aliases:
CVE-2004-0797
1:1.2.2-4.sarge.2
Affected by 8 other vulnerabilities.
VCID-wfjr-bkss-a7f1
Aliases:
CVE-2016-9841
1:1.2.8.dfsg-5
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-08-01T20:06:02.981384+00:00 Debian Oval Importer Affected by VCID-ta5z-87j9-xbez https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T16:59:38.016202+00:00 Debian Oval Importer Affected by VCID-ka82-xmqg-6kd8 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T16:49:55.060397+00:00 Debian Oval Importer Affected by VCID-azcr-mb8m-j3am https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T16:43:45.235427+00:00 Debian Oval Importer Affected by VCID-s6gw-xj58-nfcb https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T16:13:14.158245+00:00 Debian Oval Importer Affected by VCID-rbj6-jwzz-rkaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T16:13:05.396558+00:00 Debian Oval Importer Affected by VCID-wfjr-bkss-a7f1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T15:06:13.480280+00:00 Debian Oval Importer Affected by VCID-7sex-snjb-mbby https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T14:59:07.023874+00:00 Debian Oval Importer Affected by VCID-mtzw-nkcm-wfcn https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T14:34:43.544881+00:00 Debian Oval Importer Affected by VCID-n8pd-mcnp-j7g8 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T12:27:38.192055+00:00 Debian Oval Importer Affected by VCID-4z6g-shu4-ybb1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T11:13:26.084531+00:00 Debian Oval Importer Affected by VCID-mtzw-nkcm-wfcn https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 37.0.0