FreeBSD-SA-05:18.zlib "Buffer overflow in zlib"

A security advisory has been issued by The FreeBSD Project. The key points are summarized below.

  • (summary not yet written)

The security advisory is available at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:18.zlib.asc.
Below are excerpts from the advisory above together with their translation; however, the quality of the translation is not guaranteed.

I. Background

zlib is a compression library used by numerous applications to provide data compression/decompression routines.

II. Problem Description

A fixed-size buffer is used in the decompression of data streams. Due to erroneous analysis performed when zlib was written, this buffer, which was believed to be sufficiently large to handle any possible input stream, is in fact too small.
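As an added example, not taken from the advisory and not zlib's own code: a simplified C model of the bug class described above. A decoder builds a two-level Huffman decoding table into a fixed buffer whose capacity (TABLE_CAP) was chosen by assumption; table_size() computes what the tree carried in the input stream actually needs, and build_table() refuses the input instead of writing past the end of the buffer. The table layout, the constants ROOT_BITS, TABLE_CAP and MAX_SYMS, the function names and the two code-length sets are all hypothetical and constructed for this illustration.

```c
/* Added illustration of the bug class named in the advisory (hypothetical and
 * simplified, not zlib's own code): a decoder builds a two-level Huffman
 * decoding table, read MSB-first with a ROOT_BITS root table and sub-tables
 * appended for longer codes, into a fixed buffer "believed sufficient". */
#include <stdint.h>

#define MAX_BITS  15
#define MAX_SYMS  256    /* example alphabet limit */
#define ROOT_BITS 3
#define NROOT     (1 << ROOT_BITS)
#define TABLE_CAP 64     /* hypothetical fixed capacity, assumed to be enough */

typedef struct {
    uint8_t  bits;   /* code length, or sub-table index width if is_sub */
    uint8_t  is_sub; /* 1: val is the offset of a sub-table */
    uint16_t val;    /* symbol, or sub-table offset */
} entry_t;

/* Assign canonical codes and report how many table entries the tree needs:
 * the root table plus one sub-table per root prefix that holds codes longer
 * than ROOT_BITS.  This size depends on the tree in the input stream; it is
 * what a fixed constant wrongly stands in for.  Returns -1 unless lens is a
 * complete prefix code. */
int table_size(const uint8_t *lens, int nsyms, uint16_t *code, uint8_t *submax)
{
    int count[MAX_BITS + 1] = {0}, left = 1, len, s, p, total = NROOT;
    uint16_t next[MAX_BITS + 1], c = 0;

    if (nsyms > MAX_SYMS) return -1;
    for (p = 0; p < NROOT; p++) submax[p] = 0;
    for (s = 0; s < nsyms; s++) {
        if (lens[s] > MAX_BITS) return -1;
        count[lens[s]]++;
    }
    count[0] = 0;                          /* unused symbols take no code */
    for (len = 1; len <= MAX_BITS; len++) {
        left = (left << 1) - count[len];   /* Kraft inequality */
        if (left < 0) return -1;           /* over-subscribed */
        next[len] = c = (uint16_t)((c + count[len - 1]) << 1);
    }
    if (left) return -1;                   /* incomplete code */
    for (s = 0; s < nsyms; s++) {
        code[s] = lens[s] ? next[lens[s]]++ : 0;
        if (lens[s] <= ROOT_BITS) continue;
        p = code[s] >> (lens[s] - ROOT_BITS);
        if (lens[s] > submax[p]) submax[p] = lens[s];
    }
    for (p = 0; p < NROOT; p++)
        if (submax[p]) total += 1 << (submax[p] - ROOT_BITS);
    return total;
}

/* Fill table[0..cap).  Returns entries used, or -1 if the tree is invalid or
 * does not fit.  Dropping the need > cap test reproduces the bug class: a
 * crafted tree then writes past the end of the fixed buffer. */
int build_table(const uint8_t *lens, int nsyms, entry_t *table, int cap)
{
    uint16_t code[MAX_SYMS];
    uint8_t submax[NROOT];
    int s, p, i, used = NROOT, need = table_size(lens, nsyms, code, submax);

    if (need < 0 || need > cap) return -1;
    for (p = 0; p < NROOT; p++) {
        if (!submax[p]) continue;
        table[p] = (entry_t){ (uint8_t)(submax[p] - ROOT_BITS), 1, (uint16_t)used };
        used += 1 << (submax[p] - ROOT_BITS);
    }
    for (s = 0; s < nsyms; s++) {
        int len = lens[s], base = 0, idx = code[s], shift = ROOT_BITS - len;
        if (!len) continue;
        if (len > ROOT_BITS) {             /* leaf lives in a sub-table */
            p = code[s] >> (len - ROOT_BITS);
            idx = code[s] & ((1 << (len - ROOT_BITS)) - 1);
            shift = submax[p] - len;
            base = table[p].val;
        }
        for (i = idx << shift; i < (idx + 1) << shift; i++)
            table[base + i] = (entry_t){ (uint8_t)len, 0, (uint16_t)s };
    }
    return used;
}

/* Decode one symbol from the top bits of word (MSB-first); *nbits = length. */
int decode_one(const entry_t *table, uint32_t word, int *nbits)
{
    const entry_t *e = &table[word >> (32 - ROOT_BITS)];
    if (e->is_sub)
        e = &table[e->val + ((word << ROOT_BITS) >> (32 - e->bits))];
    *nbits = e->bits;
    return e->val;
}

/* Constructed trees: balanced (fits TABLE_CAP) and a skewed "staircase"
 * whose single 128-entry sub-table needs 136 entries in total. */
const uint8_t tree_ok[8]       = {2, 2, 3, 3, 4, 4, 4, 4};
const uint8_t tree_crafted[11] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 10};
```

With the constructed balanced tree table_size() returns 12 and build_table() succeeds; with the skewed tree it returns 136, more than twice TABLE_CAP, and build_table() returns -1. Remove the need > cap test and the same input writes 72 entries beyond a 64-entry table, which is the shape of failure the advisory describes: the input stream, not the decoder's constant, decides how much table space is needed.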

III. Impact

A carefully constructed compressed data stream can result in zlib overwriting some data structures. This may cause applications to halt, resulting in a denial of service; or it may result in an attacker gaining elevated privileges.

IV. Workaround

No workaround is available.
