CVE-2026-22184 on CTRL-OS 24.05

Packages: zlib

Status: Plausible

CVE Information

zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.

Updates

2026-04-01 09:58 CEST

Metadata changes:

Status for package zlib: “Plausible”

2026-04-01 09:44 CEST

Metadata changes:

Status: Plausible