CVE-2005-2096
zlib - buffer overflow
EPSS 43.0%
Description
zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
How to fix CVE-2005-2096
To remediate CVE-2005-2096, upgrade the affected package to a fixed version below.
- Debian/aide—upgrade to 0.10-6.1.1 or later
- Debian/bacula—upgrade to 1.36.3-2 or later
- Debian/dpkg—upgrade to 1.13.11 or later
- —upgrade to 0.4b40-1 or later
- —upgrade to 1.0.0-5 or later
- —upgrade to 1.7.8-2 or later
- —upgrade to 4.0.4-31.1 or later
- —upgrade to 3.7-6 or later
- —upgrade to 1:1.0.5-3 or later
- —upgrade to 1:1.2.2-4.sarge.1 or later
- —upgrade to 1:1.2.2-7 or later
- —upgrade to 0.4.0-2 or later
Is CVE-2005-2096 being exploited?
Moderate — EPSS is 43.0%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (12)
- from 0, < 0.10-6.1.1
- from 0, < 1.36.3-2
- from 0, < 1.13.11
- from 0, < 0.4b40-1
- from 0, < 1.0.0-5
- from 0, < 1.7.8-2
- from 0, < 4.0.4-31.1
- from 0, < 3.7-6
- from 0, < 1:1.0.5-3
- from 0, < 1:1.2.2-4.sarge.1
- from 0, < 1:1.2.2-7