Aggregates CVE and security vulnerability intelligence across all zlib-ng-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk memory corruption and vendor risk path handling and related problems; some flaws may lead to vendor impact memory corruption, affecting vendor surface network services scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-48107 | Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_has_slash function in the mz_os.c file. | [email protected] | 8.8 | 0.12% | 2023-11-22 | 2025-11-04 |
| CVE-2023-48106 | Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_resolve function in the mz_os.c file. | [email protected] | 8.8 | 0.16% | 2023-11-22 | 2024-11-21 |
| CVE-2014-9485 | Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive. | [email protected] | 5.5 | 1.73% | 2018-01-16 | 2026-03-24 |