JLSEC-2026-479

Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-479.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-479.json
JSON Data
https://api.osv.dev/v1/vulns/JLSEC-2026-479
Upstream
Published
2026-05-07T17:36:47.122Z
Modified
2026-07-18T00:02:06.114503232Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.

Database specific
{
    "sources": [
        {
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45853",
            "modified": "2026-07-14T13:17:02.983Z",
            "published": "2023-10-14T02:15:09.323Z",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-45853",
            "imported": "2026-07-17T21:58:40.394Z",
            "id": "CVE-2023-45853",
            "database_specific": {
                "status": "Modified"
            }
        }
    ],
    "license": "CC-BY-4.0"
}
References

Affected packages

Julia / GCCBootstrap_jll

Package

Name
GCCBootstrap_jll
Purl
pkg:julia/GCCBootstrap_jll?uuid=7627cfbf-f290-59f7-b5e8-595c7b62b918

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected

Database specific

source
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-479.json"

Julia / Openresty_jll

Package

Name
Openresty_jll
Purl
pkg:julia/Openresty_jll?uuid=87da34d4-7b1b-5a94-8376-8cb65bf3132c

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.27.1+0

Database specific

source
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-479.json"

Julia / Zlib_jll

Package

Name
Zlib_jll
Purl
pkg:julia/Zlib_jll?uuid=83775a58-1f1d-513f-b197-d71354ab007a

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.1+0

Database specific

source
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-479.json"