CVE-2005-2096

Publication date 6 July 2005

Last updated 17 July 2025

Ubuntu priority

Description

zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
aide	7.04 feisty	Fixed 0.10-11
	6.10 edgy	Fixed 0.10-11
	6.06 LTS dapper	Fixed 0.10-11
bacula	7.04 feisty	Ignored end of life, was needed
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Fixed 1.36.3-2ubuntu2
dpkg	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected
dump	7.04 feisty	Fixed 0.4b41-2
	6.10 edgy	Fixed 0.4b41-2
	6.06 LTS dapper	Fixed 0.4b41-2
ia32-libs	7.04 feisty	Fixed 1.5ubuntu5
	6.10 edgy	Fixed 1.5ubuntu5
	6.06 LTS dapper	Fixed 1.4ubuntu20
rpm	7.04 feisty	Fixed 4.4.1-14build1
	6.10 edgy	Fixed 4.4.1-9.1ubuntu0.1
	6.06 LTS dapper	Fixed 4.4.1-5ubuntu2.1
sash	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected
zlib	7.04 feisty	Fixed 1.2.3-6ubuntu4
	6.10 edgy	Fixed 1.2.3-6ubuntu4
	6.06 LTS dapper	Fixed 1.2.3-6ubuntu4
zsync	7.04 feisty	Fixed 0.4.2-1
	6.10 edgy	Fixed 0.4.2-1
	6.06 LTS dapper	Fixed 0.4.2-1

References

Related Ubuntu Security Notices (USN)

USN-151-4
rpm vulnerability
9 November 2005

USN-151-2
zlib vulnerabilities
23 July 2005

USN-151-3
zlib vulnerabilities
29 October 2005

USN-148-1
zlib vulnerability
6 July 2005

Other references

https://www.cve.org/CVERecord?id=CVE-2005-2096