CVE-2005-1849

Name: CVE-2005-1849
Description: inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DSA-1026-1, DSA-763-1, DSA-797-1, DSA-797-2

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| sash (PTS) | sid, trixie, buster, bookworm, bullseye | 3.8-5 | fixed |
| zlib (PTS) | buster | 1:1.2.11.dfsg-1+deb10u1 | fixed |
| | buster (security) | 1:1.2.11.dfsg-1+deb10u2 | fixed |
| | bullseye (security), bullseye | 1:1.2.11.dfsg-2+deb11u2 | fixed |
| | bookworm | 1:1.2.13.dfsg-1 | fixed |
| | trixie | 1:1.3.dfsg-3 | fixed |
| | sid | 1:1.3.dfsg-3.1 | fixed |
| zsync (PTS) | buster, bullseye | 0.6.2-3 | fixed |
| | sid, trixie, bookworm | 0.6.2-5 | fixed |

The information below is based on the following data on fixed versions.

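| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| sash | source | woody | (not affected) | | DSA-1026-1 | |
| sash | source | sarge | 3.7-5sarge1 | | DSA-1026-1 | |
| sash | source | (unstable) | 3.7-5sarge1 | low | | |
| zlib | source | woody | (not affected) | | DSA-763-1 | |
| zlib | source | sarge | 1:1.2.2-4.sarge.2 | medium | DSA-763-1 | |
| zlib | source | (unstable) | 1:1.2.3-1 | low | | |
| zsync | source | sarge | 0.3.3-1.sarge.1 | medium | DSA-797-1 | |
| zsync | source | (unstable) | 0.4.1-1 | low | | |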

Notes

This is only contrib code not built in the binary packages AFAIK
zsync 0.4.0-2 (mentioned in DSA-797-1) was never uploaded.
