CVE-2016-9841
- Source
- https://cve.org/CVERecord?id=CVE-2016-9841
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9841.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-9841
- Aliases
- Downstream
- Related
- Published
- 2017-05-23T04:29:01.743Z
- Modified
- 2026-02-07T04:58:09.117679Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
- References
-
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html
- http://www.openwall.com/lists/oss-security/2016/12/05/21
- http://www.securityfocus.com/bid/95131
- http://www.securitytracker.com/id/1039427
- http://www.securitytracker.com/id/1039596
- https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html
- https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html
- https://support.apple.com/HT208112
- https://support.apple.com/HT208113
- https://support.apple.com/HT208115
- https://support.apple.com/HT208144
- https://usn.ubuntu.com/4246-1/
- https://usn.ubuntu.com/4292-1/
- https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
- https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
- https://www.oracle.com/security-alerts/cpujul2020.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- https://access.redhat.com/errata/RHSA-2017:1220
- https://access.redhat.com/errata/RHSA-2017:1221
- https://access.redhat.com/errata/RHSA-2017:1222
- https://access.redhat.com/errata/RHSA-2017:2999
- https://access.redhat.com/errata/RHSA-2017:3046
- https://access.redhat.com/errata/RHSA-2017:3047
- https://access.redhat.com/errata/RHSA-2017:3453
- https://security.gentoo.org/glsa/201701-56
- https://security.gentoo.org/glsa/202007-54
- https://security.netapp.com/advisory/ntap-20171019-0001/
- https://bugzilla.redhat.com/show_bug.cgi?id=1402346
- https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb
Affected packages
Git / github.com/madler/zlib
Affected versions
v1.*
v1.2.0
v1.2.0.1
v1.2.0.2
v1.2.0.3
v1.2.0.4
v1.2.0.5
v1.2.0.6
v1.2.0.7
v1.2.0.8
v1.2.1
v1.2.1.1
v1.2.1.2
v1.2.2
v1.2.2.1
v1.2.2.2
v1.2.2.3
v1.2.2.4
v1.2.3
v1.2.3.1
v1.2.3.2
v1.2.3.3
v1.2.3.4
v1.2.3.5
v1.2.3.6
v1.2.3.7
v1.2.3.8
v1.2.3.9
v1.2.4
v1.2.4-pre1
v1.2.4-pre2
v1.2.4.1
v1.2.4.2
v1.2.4.3
v1.2.4.4
v1.2.4.5
v1.2.5
v1.2.5.1
v1.2.5.2
v1.2.5.3
v1.2.6
v1.2.6.1
v1.2.7
v1.2.7.1
v1.2.7.2
v1.2.7.3
v1.2.8
Database specific
vanir_signatures
[
{
"deprecated": false,
"source": "https://github.com/madler/zlib/commit/2fa463bacfff79181df1a5270fb67cc679a53e71",
"id": "CVE-2016-9841-414fe37a",
"target": {
"file": "contrib/infback9/inftree9.c"
},
"digest": {
"line_hashes": [
"16120810892851687554789220157819832702",
"131827276427891043182256510196340875300",
"189513208101419307945534658579998871654",
"212147175082612510136412243030409560140",
"299085759267730258754641938507926344080",
"138959356155413799645705262600700520329",
"29752084737358720135606731688432604107",
"166620327939650871483308933286046278470"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb",
"id": "CVE-2016-9841-67c1d2cf",
"target": {
"file": "inffast.c"
},
"digest": {
"line_hashes": [
"78072732683752644015387925034994222207",
"152217204562056169832124309407939299073",
"215225918295936704424918487133039937568",
"105916848088157406623367830967252372900",
"160347344788684159828158463979696903015",
"43373212368396179797268006176184707519",
"184603405977538261864751504079256823382",
"300158625332067890321432625334982300477",
"231456712669769731133653513946756254403",
"76619535432227392067544577638805564880",
"86478956061661644697224805573734588602",
"309264260464250844037425145840657077392",
"42929194529115052760348046443875986836",
"69092477746976203796181914166585536326",
"330500421171059488258816703603104184117",
"39109048859430692111328065213586549476",
"141918057837261653864758598178289124013",
"220076265684161871297861930656071873654",
"232314986378571625308419906069611283002",
"271261762835987539750125557095311680186",
"87109922922403481839749730139942871992",
"123495222477592797725822233535854539932",
"176140314733410984217923827334674272305",
"220153160189091466688700385333929749459",
"338928063149012365420777119484299731809",
"291002661199329319366599886303090915736",
"136749551968338550545808172330052836179",
"312124000686700852887733291669935553370",
"60415438212528782552969295181943670311",
"156128004555781001681532607068313777365",
"95121502532506852848735358562075473053",
"128214092140692356294035430869947201312",
"225960269161724208534821870935736004185",
"132416564511346590982791537042534820632",
"333045549506452708645355462802558117647",
"232314986378571625308419906069611283002",
"271261762835987539750125557095311680186",
"87109922922403481839749730139942871992",
"217247340695284845200408995274744903482",
"274777786069307210412928712498359338970",
"304397135614779444569141991583228961447",
"120430037352594325396773076799784644981",
"199880817059807794915071985179638614896",
"137949426801562265268064716684471143124",
"128214092140692356294035430869947201312",
"216890108406696089672723699978988015568",
"325344631564606056501479243613347222251",
"253934916918483800687220905448916387707",
"324117531668709484021643110752832760201",
"269848445246898799838539123745173915525",
"237558994423137954737767269069474710707",
"334061756316789733532185870324434516532",
"161803794516738361969090099175277537039",
"280595309763251253214168943144476014651",
"2158493544439301373911245954394611157",
"306339348680549637083011766076218194468",
"74463155369157102119310394397879202449",
"237224848044011259924686497689767912971",
"167095680762181146134547195001451837632",
"128547645879596891169285315880325464325",
"317619100846420598911816750531356741758",
"307640751256381187047569816370424218950",
"268811912412110267696912500072565844297",
"73504501321574436146180087853349147562",
"278297180902125556931793117875411137737",
"69472112817935067921514582800476370211",
"114628231497259286507976161332925760276",
"269182909587005509966059087799845181470",
"137069313049285435149612788683553497597",
"13237349173393881884674916736449391574",
"311229632863293049854145443456278875842",
"200659021717860052381924849217492440740",
"236208000950321848468091993292835290741",
"13237349173393881884674916736449391574",
"311229632863293049854145443456278875842",
"316217250228203442530821723093471190301",
"2544357164870417304895274205782808302",
"327428738380851875072086640196860844719",
"38615536945376955112304150955126290690",
"330323815705367750289174355923513978008",
"255961283142030936276399941491628317648",
"311229632863293049854145443456278875842",
"200659021717860052381924849217492440740",
"236208000950321848468091993292835290741",
"13237349173393881884674916736449391574",
"311229632863293049854145443456278875842",
"200659021717860052381924849217492440740",
"236208000950321848468091993292835290741",
"215270906290005783622426038741650274918",
"206218689166382866616993724409908720033",
"267736281923668211909025488814612772203",
"316402213967916457323416304942297066521",
"42733897016680122202611280292237541530",
"47312894792537028295421068653932174889",
"127719182014782471663968575388626875007",
"276701571312641104074028786671089426922",
"223277832707020671107633993992068520850",
"196889730232970301984699769191684713315",
"114592134611855788707876554101010302842",
"333607819032366246440607644387681849345",
"122288431553698812874327513897280558320",
"124901143056360359423607317645622031993",
"172510615937141601851724735425487358199",
"259495703048052745955879027085558613000",
"67490943479371108797309281824855679892",
"19827572648871648518340550292068846984",
"88501319238230112893621207998237820962",
"47312894792537028295421068653932174889",
"209117466490795013100449185623148946921",
"70352130885428897057911716129260226260",
"64450438259691921455849036414727510360",
"138444396159167569224176422330227223751",
"114592134611855788707876554101010302842",
"333607819032366246440607644387681849345",
"122288431553698812874327513897280558320",
"80829327876727030736841137660224091128",
"330744135247363802013669152669988602556",
"294258265210916458753940417463134944243",
"121403476583364000526180708597213122598",
"250856604606482844765354843044255597698",
"228608713377455253737580986856305145706"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/madler/zlib/commit/2fa463bacfff79181df1a5270fb67cc679a53e71",
"id": "CVE-2016-9841-7d837108",
"target": {
"file": "inftrees.c"
},
"digest": {
"line_hashes": [
"33289512042373412906093149139436580830",
"91426820839317131268716791780186008144",
"194818944693421866592958753112657371532",
"159668138545083466055711927804961193023",
"255066741664144691720111386013603848817",
"234232056215069776200927132383547217084",
"295366361648995060731826038642910043574",
"194364176202057146808626712171096427014"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/madler/zlib/commit/2fa463bacfff79181df1a5270fb67cc679a53e71",
"id": "CVE-2016-9841-877aa23a",
"target": {
"file": "zconf.h"
},
"digest": {
"line_hashes": [
"173123370633123651154244949134281019542",
"102273106005205754638040113472517884264",
"235429814244466703824677965529538273675",
"208303993750882978934021550073336842459",
"97615609550968706431926448181519994863",
"339118080829838946074693924107468946553",
"80218173194119430334455345176075092856",
"221115080022463896686917755184628890434",
"220779142876063203106760351651649795828",
"79972837918061490055760410628729165483",
"29640572416293066614062894907893542972",
"320836455951002542724053434768351830366",
"278439570502606989562359642144711240921",
"74969605840670941905966442808748242415",
"136349982313411503433050181948921111059",
"84828482625013498067679033752823325859",
"218156909012989000717970859258362570251",
"156120690550699675574548547437792604157",
"174169894385923384555886757688589868129",
"113887265610536653913694580851125688715",
"322944331613534704823013669100696288875",
"25052244974639821325585794070234606822",
"38325901798038084643343130133098808807",
"158002972493212489475769473812998149461",
"292758423975469462340735089873782351214",
"197319885884091558389402997168622303229",
"273529858872929722013164257392580258347",
"2188558013403878625577241987667171928",
"227718873515223558132286010362181398299",
"337146253929636158546926301773569599342",
"276954032770302743552966193594550874576",
"326215511158024088703961555581128655326",
"243619819439693214143230160079414937501",
"232483367442315974246589415647223061426",
"260395415480728946097742438941645713965",
"292290712618831869667048484348647386677",
"191647618147979755276168823006196468103",
"219013074033810971796049774630081821884",
"205564429641538400226903564968255480612",
"294498949750680192840586029840089044143",
"183398131489758762038008857864289906980",
"69378252258223222776676769656103498778",
"150063933148831471523654235222726000523",
"160919057829188140111342717977171904200",
"113985210579133651988131412870508958926",
"236797731968003545657916862894293146441"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
},
{
"deprecated": false,
"source": "https://github.com/madler/zlib/commit/2fa463bacfff79181df1a5270fb67cc679a53e71",
"id": "CVE-2016-9841-ebd0da57",
"target": {
"file": "deflate.c"
},
"digest": {
"line_hashes": [
"241551680136109100503375360648810826978",
"68187369923040033918172656615963607133",
"297761764425146664349507739115654243055"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1"
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9841.json"