Security problem with zlib

Johan Wevers johanw at
Fri Jul 8 09:44:32 CEST 2005

David Shaw wrote:

>If you compile GnuPG on a system that has a zlib, the system zlib is
>used.  Your system zlib may or may not be vulnerable to the recent
>problem.  If your system zlib is vulnerable, then I strongly recommend
>that you upgrade :)

OK, so I assume GnuPG is exploitable with this bug. I assume it is only
vulnerable when deliberately corrupt data is fed into it, like with a
buffer overflow (I could not determine if the bug is a buffer overflow,
although the description suggested it)?

ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw at   //
PGP/GPG public keys at

More information about the Gnupg-users mailing list