CVE-2005-1849

Name: CVE-2005-1849
Description: inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-1026-1, DSA-763-1, DSA-797-1, DSA-797-2
NVD severity: medium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| sash (PTS) | wheezy | 3.7-12 | fixed |
| | jessie, stretch | 3.8-3 | fixed |
| | buster, sid | 3.8-4 | fixed |
| zlib (PTS) | wheezy | 1:1.2.7.dfsg-13 | fixed |
| | jessie | 1:1.2.8.dfsg-2 | fixed |
| | buster, sid, stretch | 1:1.2.8.dfsg-5 | fixed |
| zsync (PTS) | wheezy, jessie | 0.6.2-1 | fixed |
| | buster, sid, stretch | 0.6.2-2 | fixed |

The information below is based on the following data on fixed versions.

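| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| sash | source | (unstable) | 3.7-5sarge1 | low | | |
| sash | source | sarge | 3.7-5sarge1 | medium | DSA-1026-1 | |
| sash | source | woody | (not affected) | | DSA-1026-1 | |
| zlib | source | (unstable) | 1:1.2.3-1 | low | | |
| zlib | source | sarge | 1:1.2.2-4.sarge.2 | medium | DSA-763-1 | |
| zlib | source | woody | (not affected) | | DSA-763-1 | |
| zsync | source | (unstable) | 0.4.1-1 | low | | |
| zsync | source | sarge | 0.3.3-1.sarge.1 | medium | DSA-797-1 | |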

Notes

This is only contrib code not built in the binary packages AFAIK
zsync 0.4.0-2 (mentioned in DSA-797-1) was never uploaded.
