{"id":"JLSEC-2026-477","details":"zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.","modified":"2026-05-07T17:46:35.888305Z","published":"2026-05-07T17:36:47.122Z","upstream":["CVE-2018-25032"],"database_specific":{"license":"CC-BY-4.0","sources":[{"url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2018-25032","modified":"2025-08-21T20:37:11.840Z","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-25032","imported":"2026-05-07T17:21:38.874Z","database_specific":{"status":"Analyzed"},"published":"2022-03-25T09:15:08.187Z","id":"CVE-2018-25032"}]},"references":[{"type":"WEB","url":"http://seclists.org/fulldisclosure/2022/May/33"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2022/May/33"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2022/May/35"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2022/May/35"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2022/May/38"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2022/May/38"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2022/03/25/2"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2022/03/25/2"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2022/03/26/1"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2022/03/26/1"},{"type":"WEB","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"},{"type":"WEB","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"},{"type":"WEB","url":"https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531"},{"type":"WEB","url":"https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531"},{"type":"WEB","url":"https://github.com/madler/zlib/compare/v1.2.11...v1.2.12"},{"type":"WEB","url":"https://github.com/madler/zlib/compare/v1.2.11...v1.2.12"},{"type":"WEB","url":"https://github.com/madler/zlib/issues/605"},{"type":"WEB","url":"https://github.com/madler/zlib/issues/605"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202210-42"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202210-42"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20220526-0009/"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20220526-0009/"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20220729-0004/"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20220729-0004/"},{"type":"WEB","url":"https://support.apple.com/kb/HT213255"},{"type":"WEB","url":"https://support.apple.com/kb/HT213255"},{"type":"WEB","url":"https://support.apple.com/kb/HT213256"},{"type":"WEB","url":"https://support.apple.com/kb/HT213256"},{"type":"WEB","url":"https://support.apple.com/kb/HT213257"},{"type":"WEB","url":"https://support.apple.com/kb/HT213257"},{"type":"WEB","url":"https://www.debian.org/security/2022/dsa-5111"},{"type":"WEB","url":"https://www.debian.org/security/2022/dsa-5111"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2022/03/24/1"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2022/03/24/1"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2022/03/28/1"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2022/03/28/1"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2022/03/28/3"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2022/03/28/3"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpujul2022.html"}],"affected":[{"package":{"name":"GCCBootstrap_jll","ecosystem":"Julia","purl":"pkg:julia/GCCBootstrap_jll?uuid=7627cfbf-f290-59f7-b5e8-595c7b62b918"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-477.json"}},{"package":{"name":"Openresty_jll","ecosystem":"Julia","purl":"pkg:julia/Openresty_jll?uuid=87da34d4-7b1b-5a94-8376-8cb65bf3132c"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.21.4+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-477.json"}},{"package":{"name":"Python_jll","ecosystem":"Julia","purl":"pkg:julia/Python_jll?uuid=93d3a430-8e7c-50da-8e8d-3dfcfb3baf05"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"3.10.14+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-477.json"}},{"package":{"name":"Zlib_jll","ecosystem":"Julia","purl":"pkg:julia/Zlib_jll?uuid=83775a58-1f1d-513f-b197-d71354ab007a"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.2.12+3"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-477.json"}}],"schema_version":"1.7.5"}