CVE-2026-22184
EUVD-2026-117307.01.2026, 21:16
zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| zlib | zlib | 𝑥 ≤ 1.3.1.2 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| klibc |
| ||||||||||||||||||
| rsync |
| ||||||||||||||||||
| zlib |
| ||||||||||||||||||
| zsync |
|
Common Weakness Enumeration
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
Vulnerability Media Exposure
References