A buffer overflow in zlib might allow an attacker to cause remote code execution.
|Package||sys-libs/zlib on all architectures|
|Affected versions||< 1.2.12-r3|
|Unaffected versions||>= 1.2.12-r3|
zlib is a widely used free and patent unencumbered data compression library.
Multiple vulnerabilities have been discovered in zlib. Please review the CVE identifiers referenced below for details.
Maliciously crafted input handled by zlib may result in remote code execution.
There is no known workaround at this time.
All zlib users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-libs/zlib-1.2.12-r3"