CVE-2026-22184
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2026-22184
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-22184.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-22184
- Downstream
- Related
- Published
- 2026-01-07T21:16:01.563Z
- Modified
- 2026-01-17T05:40:50.365764Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.
- References
Affected packages
Git / github.com/madler/zlib
Affected ranges
- Type
- GIT
- Repo
- https://github.com/madler/zlib
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
v0.*
v0.71
v0.79
v0.8
v0.9
v0.91
v0.92
v0.93
v0.94
v0.95
v0.99
v1.*
v1.0-pre
v1.0.1
v1.0.2
v1.0.4
v1.0.5
v1.0.7
v1.0.8
v1.0.9
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.2.0
v1.2.0.1
v1.2.0.2
v1.2.0.3
v1.2.0.4
v1.2.0.5
v1.2.0.6
v1.2.0.7
v1.2.0.8
v1.2.1
v1.2.1.1
v1.2.1.2
v1.2.10
v1.2.11
v1.2.12
v1.2.13
v1.2.2
v1.2.2.1
v1.2.2.2
v1.2.2.3
v1.2.2.4
v1.2.3
v1.2.3.1
v1.2.3.2
v1.2.3.3
v1.2.3.4
v1.2.3.5
v1.2.3.6
v1.2.3.7
v1.2.3.8
v1.2.3.9
v1.2.4
v1.2.4-pre1
v1.2.4-pre2
v1.2.4.1
v1.2.4.2
v1.2.4.3
v1.2.4.4
v1.2.4.5
v1.2.5
v1.2.5.1
v1.2.5.2
v1.2.5.3
v1.2.6
v1.2.6.1
v1.2.7
v1.2.7.1
v1.2.7.2
v1.2.7.3
v1.2.8
v1.2.9
v1.3
v1.3.1
v1.3.1.2