Critical Zlib Vulnerability Let Attackers Trigger Buffer Overflow by Invoking untgz

A severe global buffer overflow vulnerability has been discovered in the zlib untgz utility version 1.3.1.2, allowing attackers to corrupt memory and potentially execute malicious code through specially crafted command-line input.

The security flaw resides in the TGZfname() function of the untgz utility, where an unbounded strcpy() call processes user-supplied archive names without any length validation.

The vulnerability occurs when the utility copies attacker-controlled input from the command line into a fixed-size static global buffer of only 1,024 bytes.

Technical Details

The root cause stems from poor input handling: the archive name is derived directly from the argv[] parameters and copied into a global static array without bounds checking.

This overflow occurs immediately upon function entry, before any archive parsing or validation, making the vulnerability trivially exploitable through command-line arguments alone.

Attribute: Details
CVE ID: Not yet assigned
Affected Software: zlib untgz utility
Affected Version: v1.3.1.2
Vulnerability Type: Global Buffer Overflow
CWE: CWE-120 (Buffer Copy without Checking Size of Input)
Attack Vector: Command-line input
Impact: Denial of Service, Memory Corruption, Potential Code Execution

Security researchers demonstrated that supplying an archive name exceeding 1,024 bytes triggers an out-of-bounds write past the buffer’s end, leading to memory corruption.

The potential impacts include denial-of-service crashes, corruption of adjacent global memory objects, and undefined behavior.

More critically, depending on compiler settings, system architecture, build flags, and memory layout, attackers may be able to execute code.

Researchers successfully triggered the vulnerability using AddressSanitizer (ASAN) by invoking untgz with a 4,096-byte filename argument.

The ASAN output confirmed a global buffer overflow caused by a write of 2,001 bytes to the vulnerable memory address.

Because the overflow affects global memory rather than stack memory, the corruption persists beyond the function scope and can influence subsequent program behavior.

The vulnerability requires no special privileges and has low attack complexity, making it particularly dangerous for systems using the affected zlib untgz utility.
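The copy pattern described above, next to a bounds-checked form, as an added example that is not zlib's code or its fix. The names store_name_unchecked, store_name_checked, name_buf and NAME_BUF_SIZE are hypothetical, and the 4,096-byte name is constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed layout: a 1,024-byte static global buffer, as the article describes. */
#define NAME_BUF_SIZE 1024
static char name_buf[NAME_BUF_SIZE];

/* The pattern the article describes: an unbounded copy of a caller-supplied
 * name. Any name of NAME_BUF_SIZE bytes or more writes past name_buf.
 * Kept only for comparison; main() never calls it. */
const char *store_name_unchecked(const char *arcname)
{
    strcpy(name_buf, arcname);
    return name_buf;
}

/* Hardened form: measure first, reject anything that does not fit together
 * with its terminating NUL. Rejecting (rather than truncating) avoids
 * silently opening a different file than the one named. */
const char *store_name_checked(const char *arcname)
{
    size_t len;

    if (arcname == NULL)
        return NULL;
    len = strlen(arcname);
    if (len >= sizeof(name_buf))
        return NULL;
    memcpy(name_buf, arcname, len + 1);   /* len + 1 copies the NUL too */
    return name_buf;
}

int main(int argc, char **argv)
{
    static char long_name[4097];           /* constructed 4,096-byte name */
    const char *name;

    memset(long_name, 'A', sizeof(long_name) - 1);
    name = (argc > 1) ? argv[1] : long_name;

    if (store_name_checked(name) == NULL) {
        fprintf(stderr, "archive name too long (%zu bytes, limit %d)\n",
                strlen(name), NAME_BUF_SIZE - 1);
        return 1;
    }
    printf("accepted: %s\n", name_buf);
    return 0;
}
```

Building this with -fsanitize=address, the sanitizer the researchers used, is a quick way to confirm the checked path performs no out-of-bounds write on the oversized name.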

The post Critical Zlib Vulnerability Let Attackers Trigger Buffer Overflow by Invoking untgz appeared first on Cyber Security News.
