Double Free in Zlib
CVE-2002-0059
The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute ar…
Vulnerability class: Double Free
EPSS: 0.095 (94.8th percentile)
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Zlib
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2002-0059?
  CVE-2002-0059 is a critical-severity vulnerability in Zlib, classified under Double Free. CVSS score: 9.8/10. Published 2002-03-15.
- How severe is CVE-2002-0059?
  Critical severity. CVSS v3 base score is 9.8 out of 10.