cvedb.io
CVE-2023-45853
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2023-10-14T02:15:09.323 · Last modified 2026-07-14T13:17:02.983

Summary

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.

Affected products

zlib — zlib

Does this affect you?

Add your gear to cvedb and we'll alert you only when zlib ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.