CVE Alert

CVE-2026-22184

UNKNOWN 0.0

zlib <= 1.3.1.2 untgz Global Buffer Overflow in TGZfname()

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.
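
The bounded-copy pattern that prevents this class of bug, as an added example (not code from zlib or from the advisory). The buffer size, suffix list and function names are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size for illustration; the advisory does not state the real one. */
#define NAME_BUF_SIZE 1024

/* Constructed suffix list (hypothetical, not taken from the advisory). */
static const char *const k_suffixes[] = { "", ".tar", ".tar.gz", ".tgz" };
#define N_SUFFIXES (sizeof k_suffixes / sizeof k_suffixes[0])

/* Fixed-size global buffer, the kind of object the advisory describes. */
static char g_name_buf[NAME_BUF_SIZE];

/*
 * Unsafe pattern: strcpy(g_name_buf, arcname) followed by appending a suffix
 * trusts the length of a command-line argument and writes past the global.
 * Hardened form: measure first and refuse any name that cannot fit together
 * with the chosen suffix and the terminating NUL.
 * Returns 0 on success, -1 if the input is rejected.
 */
int build_candidate(const char *arcname, size_t suffix_idx)
{
    size_t name_len, suf_len;

    if (arcname == NULL || suffix_idx >= N_SUFFIXES)
        return -1;
    name_len = strlen(arcname);
    suf_len = strlen(k_suffixes[suffix_idx]);
    /* Need name_len + suf_len + 1 <= NAME_BUF_SIZE, checked without wraparound. */
    if (name_len >= NAME_BUF_SIZE || suf_len >= NAME_BUF_SIZE - name_len)
        return -1;
    memcpy(g_name_buf, arcname, name_len);
    memcpy(g_name_buf + name_len, k_suffixes[suffix_idx], suf_len + 1);
    return 0;
}

const char *candidate_name(void) { return g_name_buf; }

int main(int argc, char **argv)
{
    if (argc < 2 || build_candidate(argv[1], 0) != 0) {
        fprintf(stderr, "archive name missing or too long\n");
        return 1;
    }
    printf("candidate: %s\n", candidate_name());
    return 0;
}
```

Building the same pattern with AddressSanitizer (`-fsanitize=address`) reports a global-buffer-overflow at the copy if the length check is removed, which makes it a quick regression check.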

CWE: CWE-787
Vendor: zlib software
Product: zlib
Published: Jan 7, 2026
Last Updated: Mar 5, 2026

Affected Versions

zlib software / zlib
0 ≤ 1.3.1.2

References

seclists.org: https://seclists.org/fulldisclosure/2026/Jan/3
zlib.net: https://zlib.net/
github.com: https://github.com/madler/zlib
vulncheck.com: https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname
github.com: https://github.com/madler/zlib/issues/1142

Credits

Ron Edgerson