VulnerableCode Package Details - pkg:deb/debian/zlib@1:1.2.11.dfsg-2%2Bdeb11u2

Search for packages

Vulnerability	Summary	Fixed by
VCID-mhka-nrx1-gfgc Aliases: CVE-2023-45853 GHSA-mq29-j5xf-cjwr	MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.	1:1.3.dfsg+really1.3.1-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-mhka-nrx1-gfgc
Aliases:
CVE-2023-45853
GHSA-mq29-j5xf-cjwr

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.

1:1.3.dfsg+really1.3.1-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-7sex-snjb-mbby		CVE-2022-37434
VCID-mtzw-nkcm-wfcn	Out-of-bounds Write in zlib affects Nokogiri ## Summary Nokogiri v1.13.4 updates the vendored zlib from 1.2.11 to 1.2.12, which addresses [CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032). That CVE is scored as CVSS 7.4 "High" on the NVD record as of 2022-04-05. Please note that this advisory only applies to the CRuby implementation of Nokogiri `< 1.13.4`, and only if the packaged version of `zlib` is being used. Please see [this document](https://nokogiri.org/LICENSE-DEPENDENCIES.html#default-platform-release-ruby) for a complete description of which platform gems vendor `zlib`. If you've overridden defaults at installation time to use system libraries instead of packaged libraries, you should instead pay attention to your distro's `zlib` release announcements. ## Mitigation Upgrade to Nokogiri `>= v1.13.4`. ## Impact ### [CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032) in zlib - Severity: High - Type: [CWE-787](https://cwe.mitre.org/data/definitions/787.html) Out of bounds write - Description: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.	CVE-2018-25032 GHSA-jc36-42cf-vqwj GHSA-v6gp-9mmm-c6p5 GMS-2022-787

Vulnerability

Summary

Aliases

VCID-7sex-snjb-mbby

CVE-2022-37434

VCID-mtzw-nkcm-wfcn

Out-of-bounds Write in zlib affects Nokogiri ## Summary Nokogiri v1.13.4 updates the vendored zlib from 1.2.11 to 1.2.12, which addresses [CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032). That CVE is scored as CVSS 7.4 "High" on the NVD record as of 2022-04-05. Please note that this advisory only applies to the CRuby implementation of Nokogiri `< 1.13.4`, and only if the packaged version of `zlib` is being used. Please see [this document](https://nokogiri.org/LICENSE-DEPENDENCIES.html#default-platform-release-ruby) for a complete description of which platform gems vendor `zlib`. If you've overridden defaults at installation time to use system libraries instead of packaged libraries, you should instead pay attention to your distro's `zlib` release announcements. ## Mitigation Upgrade to Nokogiri `>= v1.13.4`. ## Impact ### [CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032) in zlib - **Severity**: High - **Type**: [CWE-787](https://cwe.mitre.org/data/definitions/787.html) Out of bounds write - **Description**: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

CVE-2018-25032
GHSA-jc36-42cf-vqwj
GHSA-v6gp-9mmm-c6p5
GMS-2022-787

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T15:06:13.531674+00:00	Debian Oval Importer	Fixing	VCID-7sex-snjb-mbby	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T14:59:07.072636+00:00	Debian Oval Importer	Fixing	VCID-mtzw-nkcm-wfcn	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:09:10.683274+00:00	Debian Importer	Affected by	VCID-mhka-nrx1-gfgc	https://security-tracker.debian.org/tracker/data/json	37.0.0