Search for packages
Package details: pkg:deb/debian/zlib@1:1.2.7.dfsg-13
purl pkg:deb/debian/zlib@1:1.2.7.dfsg-13
Next non-vulnerable version 1:1.3.dfsg+really1.3.1-1
Latest non-vulnerable version 1:1.3.dfsg+really1.3.1-1
Risk 10.0
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-4z6g-shu4-ybb1
Aliases:
CVE-2016-9840
1:1.2.8.dfsg-5
Affected by 2 other vulnerabilities.
VCID-7sex-snjb-mbby
Aliases:
CVE-2022-37434
1:1.2.11.dfsg-2+deb11u2
Affected by 1 other vulnerability.
VCID-azcr-mb8m-j3am
Aliases:
CVE-2016-9843
1:1.2.8.dfsg-5
Affected by 2 other vulnerabilities.
VCID-mtzw-nkcm-wfcn
Aliases:
CVE-2018-25032
GHSA-jc36-42cf-vqwj
GHSA-v6gp-9mmm-c6p5
GMS-2022-787
Out-of-bounds Write in zlib affects Nokogiri ## Summary Nokogiri v1.13.4 updates the vendored zlib from 1.2.11 to 1.2.12, which addresses [CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032). That CVE is scored as CVSS 7.4 "High" on the NVD record as of 2022-04-05. Please note that this advisory only applies to the CRuby implementation of Nokogiri `< 1.13.4`, and only if the packaged version of `zlib` is being used. Please see [this document](https://nokogiri.org/LICENSE-DEPENDENCIES.html#default-platform-release-ruby) for a complete description of which platform gems vendor `zlib`. If you've overridden defaults at installation time to use system libraries instead of packaged libraries, you should instead pay attention to your distro's `zlib` release announcements. ## Mitigation Upgrade to Nokogiri `>= v1.13.4`. ## Impact ### [CVE-2018-25032](https://nvd.nist.gov/vuln/detail/CVE-2018-25032) in zlib - **Severity**: High - **Type**: [CWE-787](https://cwe.mitre.org/data/definitions/787.html) Out of bounds write - **Description**: zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
1:1.2.11.dfsg-1+deb10u1
Affected by 2 other vulnerabilities.
1:1.2.11.dfsg-2+deb11u2
Affected by 1 other vulnerability.
VCID-rbj6-jwzz-rkaj
Aliases:
CVE-2016-9842
1:1.2.8.dfsg-5
Affected by 2 other vulnerabilities.
VCID-wfjr-bkss-a7f1
Aliases:
CVE-2016-9841
1:1.2.8.dfsg-5
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-08-01T16:49:55.082455+00:00 Debian Oval Importer Affected by VCID-azcr-mb8m-j3am https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T16:13:14.181833+00:00 Debian Oval Importer Affected by VCID-rbj6-jwzz-rkaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T16:13:05.418755+00:00 Debian Oval Importer Affected by VCID-wfjr-bkss-a7f1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T15:06:13.503658+00:00 Debian Oval Importer Affected by VCID-7sex-snjb-mbby https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T14:59:07.044835+00:00 Debian Oval Importer Affected by VCID-mtzw-nkcm-wfcn https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T12:27:38.215220+00:00 Debian Oval Importer Affected by VCID-4z6g-shu4-ybb1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T11:13:26.112781+00:00 Debian Oval Importer Affected by VCID-mtzw-nkcm-wfcn https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 37.0.0