CVE-2026-22184

EUVD-2026-1173
zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
Affected Products (NVD)
VendorProductVersion
zlibzlib
𝑥
≤ 1.3.1.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
zlib
bionic
not-affected
focal
not-affected
jammy
not-affected
noble
not-affected
plucky
not-affected
questing
not-affected
trusty
not-affected
xenial
not-affected
rsync
bionic
not-affected
focal
not-affected
jammy
not-affected
noble
not-affected
plucky
not-affected
questing
not-affected
trusty
not-affected
xenial
not-affected
zsync
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
ignored
questing
needs-triage
xenial
needs-triage
klibc
bionic
not-affected
focal
not-affected
jammy
not-affected
noble
not-affected
plucky
not-affected
questing
not-affected
trusty
not-affected
xenial
not-affected
Common Weakness Enumeration
References
https://github.com/madler/zlib
https://seclists.org/fulldisclosure/2026/Jan/3
https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname
https://zlib.net/
https://github.com/madler/zlib/issues/1142