[gdal-dev] zlib vulnerability CVE-2018-25032 affecting GAL

Mateusz Loskot mateusz at loskot.net
Thu Apr 7 05:39:41 PDT 2022


On Thu, 7 Apr 2022 at 13:54, Andrew C Aitchison <andrew at aitchison.me.uk> wrote:
> On Thu, 7 Apr 2022, Mateusz Loskot wrote:
> > On Thu, 7 Apr 2022 at 12:29, prashanti seri <seri.prashanti at gmail.com> wrote:
> >>  Does zlib vulnerability CVE-2018-25032 affect GDAL as it uses this lib?
> >
> > Hints:
> > https://github.com/OSGeo/gdal/blob/master/frmts/zlib/zlib.h#L40
> > https://github.com/OSGeo/gdal/blob/patch/3.2.2.1/gdal/frmts/zlib/zlib.h#L40
> > https://github.com/OSGeo/gdal/blob/release/3.4/gdal/frmts/zlib/zlib.h#L40
>
> [...]
> so I don't see how zlib 1.2.3 protects gdal from this bug.

The three hints were supposed to help OP find answer to her
question above: "***Does ***zlib vulnerability ***affect*** GDAL?",
that's it.

Best regards,
-- 
Mateusz Loskot, http://mateusz.loskot.net


More information about the gdal-dev mailing list