CVE-2005-2096: Debian -- Security Information -- DSA-740-1 zlib
zlib 1.2 and later versions allow remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
An error in the way zlib handles the inflation of certain compressed files can cause a program which uses zlib to crash when opening an invalid file.
This problem does not affect the old stable distribution (woody).
For the stable distribution (sarge), this problem has been fixed in version 1.2.2-4.sarge.1.
For the unstable distribution, this problem has been fixed in version 1.2.2-7.
We recommend that you upgrade your zlib package.
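The kind of input validation the CVE description points at, as an added example (not zlib's own code and not part of the advisory): a decoder checks a set of Huffman code lengths before building any table, refusing over-subscribed sets and incomplete sets such as a lone code longer than one bit. The function name, status constants, acceptance policy and sample length sets are assumptions constructed for illustration.

```c
#include <stdio.h>

#define MAXBITS 15               /* longest code length DEFLATE permits */

enum { CODE_OK = 0, CODE_OVERSUBSCRIBED = -1, CODE_INCOMPLETE = -2,
       CODE_BAD_LENGTH = -3 };   /* constructed status values */

/* Validate Huffman code lengths before any decoding table is built.
 * lens[i] is the bit length assigned to symbol i; 0 means "unused". */
int check_code_lengths(const unsigned char *lens, size_t n)
{
    long count[MAXBITS + 1] = {0};   /* number of codes of each length */
    long left = 1;                   /* unclaimed code space (Kraft sum) */
    int len, max = 0;
    size_t i;

    for (i = 0; i < n; i++) {
        if (lens[i] > MAXBITS)
            return CODE_BAD_LENGTH;
        count[lens[i]]++;
    }
    for (len = 1; len <= MAXBITS; len++) {
        left <<= 1;                  /* code space doubles with each bit */
        left -= count[len];
        if (left < 0)
            return CODE_OVERSUBSCRIBED;  /* more codes than bits allow */
        if (count[len])
            max = len;
    }
    /* Policy assumed here: an incomplete set is accepted only when it is
     * a single one-bit code. A lone code of length 2 or more, the shape
     * named in CVE-2005-2096, is refused. */
    if (left > 0 && max != 1)
        return CODE_INCOMPLETE;
    return CODE_OK;
}

int main(void)
{
    /* Constructed sample sets, not taken from any real file. */
    const unsigned char complete[]  = {2, 2, 2, 2};
    const unsigned char lone_long[] = {0, 3, 0};
    const unsigned char too_many[]  = {1, 1, 1};

    printf("complete:  %d\n", check_code_lengths(complete, sizeof complete));
    printf("lone_long: %d\n", check_code_lengths(lone_long, sizeof lone_long));
    printf("too_many:  %d\n", check_code_lengths(too_many, sizeof too_many));
    return 0;
}
```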