CVE-2026-22184— zlib <= 1.3.1.2 untgz Global Buffer Overflow in TGZfname()

EPSS 0.01% · P1 Updated Mar 05, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-22184

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

zlib <= 1.3.1.2 untgz Global Buffer Overflow in TGZfname()

Source: NVD (National Vulnerability Database)

Vulnerability Description

zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

跨界内存写

Source: NVD (National Vulnerability Database)

Vulnerability Title

zlib 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

zlib是美国Mark Adler个人开发者的一个通用的数据压缩库。 zlib 1.3.1.2及之前版本存在安全漏洞，该漏洞源于TGZfname函数存在全局缓冲区溢出，可能导致内存损坏、拒绝服务或代码执行。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
zlib software	zlib	0 ~ 1.3.1.2	-

II. Public POCs for CVE-2026-22184

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-22184

请登录查看更多情报信息。

https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfnamethird-party-advisory
GitHub - madler/zlib: A massively spiffy yet delicately unobtrusive compression library. · GitHubproduct
https://zlib.net/product
https://seclists.org/fulldisclosure/2026/Jan/3technical-descriptionexploit
https://nvd.nist.gov/vuln/detail/CVE-2026-22184

IV. Related Vulnerabilities

Same product: zlib

Same weakness: CWE-787

V. Comments for CVE-2026-22184

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-22184— zlib <= 1.3.1.2 untgz Global Buffer Overflow in TGZfname()

I. Basic Information for CVE-2026-22184

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-22184

III. Intelligence Information for CVE-2026-22184

IV. Related Vulnerabilities

V. Comments for CVE-2026-22184

Leave a comment