{"id":"JLSEC-2026-479","details":"MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.","modified":"2026-05-07T17:46:31.401416Z","published":"2026-05-07T17:36:47.122Z","upstream":["CVE-2023-45853"],"database_specific":{"sources":[{"id":"CVE-2023-45853","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45853","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-45853","published":"2023-10-14T02:15:09.323Z","database_specific":{"status":"Analyzed"},"modified":"2024-12-20T17:41:31.237Z","imported":"2026-05-07T17:21:39.053Z"}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2023/10/20/9"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2023/10/20/9"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/01/24/10"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/01/24/10"},{"type":"WEB","url":"https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356"},{"type":"WEB","url":"https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356"},{"type":"WEB","url":"https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61"},{"type":"WEB","url":"https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61"},{"type":"WEB","url":"https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4"},{"type":"WEB","url":"https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4"},{"type":"WEB","url":"https://github.com/madler/zlib/pull/843"},{"type":"WEB","url":"https://github.com/madler/zlib/pull/843"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00026.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00026.html"},{"type":"WEB","url":"https://pypi.org/project/pyminizip/#history"},{"type":"WEB","url":"https://pypi.org/project/pyminizip/#history"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202401-18"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202401-18"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20231130-0009/"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20231130-0009/"},{"type":"WEB","url":"https://www.winimage.com/zLibDll/minizip.html"},{"type":"WEB","url":"https://www.winimage.com/zLibDll/minizip.html"}],"affected":[{"package":{"name":"GCCBootstrap_jll","ecosystem":"Julia","purl":"pkg:julia/GCCBootstrap_jll?uuid=7627cfbf-f290-59f7-b5e8-595c7b62b918"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-479.json"}},{"package":{"name":"Openresty_jll","ecosystem":"Julia","purl":"pkg:julia/Openresty_jll?uuid=87da34d4-7b1b-5a94-8376-8cb65bf3132c"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.27.1+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-479.json"}},{"package":{"name":"Zlib_jll","ecosystem":"Julia","purl":"pkg:julia/Zlib_jll?uuid=83775a58-1f1d-513f-b197-d71354ab007a"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.3.1+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-479.json"}}],"schema_version":"1.7.5"}