CVE-2003-0107 Affecting zlib package, versions <1:1.1.4-10

Note: Versions mentioned in the description apply only to the upstream zlib package and not the zlib package as distributed by Debian. See How to fix? for Debian:11 relevant fixed versions and status.

Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.

• https://security-tracker.debian.org/tracker/CVE-2003-0107
• http://www.kb.cert.org/vuls/id/142121
• ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-011.0.txt
• ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-004.txt.asc
• http://marc.info/?l=bugtraq&m=104610337726297&w=2
• http://marc.info/?l=bugtraq&m=104610536129508&w=2
• http://marc.info/?l=bugtraq&m=104620610427210&w=2
• http://marc.info/?l=bugtraq&m=104887247624907&w=2
• http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000619
• http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000066.html
• http://jvn.jp/en/jp/JVN78689801/index.html
• http://lists.apple.com/mhonarc/security-announce/msg00038.html
• http://online.securityfocus.com/archive/1/312869
• http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57405
• http://www.iss.net/security_center/static/11381.php
• http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:033
• http://www.securityfocus.com/bid/6913
• http://www.osvdb.org/6599
• http://www.redhat.com/support/errata/RHSA-2003-079.html
• http://www.redhat.com/support/errata/RHSA-2003-081.html