Author Topic: Zlib flaw threatens MS code  (Read 2413 times)


  • Guest
Zlib flaw threatens MS code
« on: January 14, 2008, 01:59:21 AM »

This time, the flaw is a buffer overflow in the decompression process. Because the program doesn't properly validate input data, it can be fed bad data, which can lead to a buffer overflow.


Symantec Corp. reports that AIX, Debian, FreeBSD, Gentoo, SuSE, Red Hat, Ubuntu and many other operating systems are affected.

"Mark Adler [a Zlib co-author] responded to my report with a patch and an in-depth investigation and explanation within 24 hours, and I believe he expects to release a new version of Zlib very soon."
Yet, the incident seemingly proves that Microsoft, despite dismissing open-source code publicly, has used software from others to create their own products.