JLSEC-2026-477
PUBLISHED
CVSS 9.3 CRITICAL
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
Risk Scores
CVSS v4.0
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Julia | GCCBootstrap_jll | 0 |
| Julia | Python_jll | 0 |
| Julia | Openresty_jll | 0 |
| Julia | Zlib_jll | 0 |
Timeline
- May 7, 2026 CVE Published
- May 7, 2026 CVE Updated
- May 18, 2026 Distribution Patch
References
- http://seclists.org/fulldisclosure/2022/May/33
- http://seclists.org/fulldisclosure/2022/May/35
- http://seclists.org/fulldisclosure/2022/May/38
- http://www.openwall.com/lists/oss-security/2022/03/25/2
- http://www.openwall.com/lists/oss-security/2022/03/26/1
- https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf
- https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
- https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
- https://github.com/madler/zlib/issues/605
- https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
- https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html
- https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
- https://security.gentoo.org/glsa/202210-42
- https://security.netapp.com/advisory/ntap-20220526-0009/
…and 9 more