Critical Zlib Vulnerability Allows Buffer Overflow Attacks Through Command Line

Critical buffer overflow in zlib untgz utility version 1.3.1.2 allows code execution through malicious input. Learn more about the exploit.

By Content Team

Jan 12, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Security researchers have discovered a severe buffer overflow vulnerability in zlib's untgz utility version 1.3.1.2 that lets attackers execute malicious code through simple command-line input.

The flaw exists in the TGZfname() function, where an unbounded strcpy() call copies user-supplied archive names into a fixed 1,024-byte buffer without any length validation. Attackers can trigger memory corruption by simply providing filenames longer than 1,024 bytes as command-line arguments.

Researchers demonstrated the exploit using a 4,096-byte filename, which caused a global buffer overflow affecting memory beyond the function's scope. This makes the vulnerability particularly dangerous since the corruption persists and can influence subsequent program behavior, potentially leading to code execution.

Source: Cyber Security News

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Qilin Ransomware Targets Small Businesses Through Basic Security Gaps

Nov 11, 2025

Hackers Actively Exploiting Critical Zero-Day Flaw in 120+ Cisco Email Security Devices

Dec 21, 2025

Hackers Exploit Critical Cisco Zero-Day Affecting Unified Communications Systems

Jan 22, 2026

Congressional Budget Office Confirms Cyberattack by Suspected Foreign Hackers

Nov 8, 2025