These appear to be the relevant changes:
2022-07-30: https://github.com/madler/zlib/commit/eff308af425b67093bab25...
2022-08-08: https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae3...
The second commit definitely fixed a null pointer dereference; I am not sure if the CVE is referencing something else that was fixed by the first commit.
Zlib-ng doesn't contain the same code, but it appears that their equivalent inflate() when used with their inflateGetHeader() implementation was affected by a similar problem: https://github.com/zlib-ng/zlib-ng/pull/1328
Also similarly, most client code will be unaffected because `state->head` will be NULL, because they (most client code) won't have used inflateGetHeader() at all.