CVE-2026-22184

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score

9.8 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H                                    

Vulnerability Description

zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.

Vulnerability Details

Published Date

January 07, 2026

Last Modified

January 15, 2026

CWE ID

CWE-787

Source

NVD

Vendor

zlib

Product

zlib

External References

https://github.com/madler/zlib
https://seclists.org/fulldisclosure/2026/Jan/3
https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname
https://zlib.net/
https://github.com/madler/zlib/issues/1142

CVE-2026-22184

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment