Incorrect Pointer Scaling

CVE-2016-9842

Severity High
Score 8.8/10

Summary

The inflateMark function in inflate.c in zlib 1.2.3.4 through 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
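The bug class named in the summary, left-shifting a negative signed integer, is undefined behaviour in C. The sketch below is an added example, not zlib's code and not part of the original advisory; the function names and the layout (a signed value packed above a 16-bit count) are assumptions chosen for illustration.

```c
#include <stdio.h>

/* Hypothetical helpers (not zlib source): pack a signed "back" value into the
   bits above 16 and a count into the low 16 bits of a long. */

/* Unsafe form: when back is negative, (long)back << 16 left-shifts a negative
   value, which is undefined behaviour (C11 6.5.7p4). Shown for contrast only;
   main() calls it with a non-negative argument. */
long pack_mark_unsafe(int back, unsigned len)
{
    return ((long)back << 16) + (long)(len & 0xffffUL);
}

/* Safe form: shift in an unsigned type, where the result is defined
   (modulo 2^N), then convert back. The conversion to long is
   implementation-defined for out-of-range values and gives the
   two's-complement result on mainstream compilers. */
long pack_mark_safe(int back, unsigned len)
{
    unsigned long hi = (unsigned long)(long)back << 16;
    return (long)(hi + (len & 0xffffUL));
}

/* Recover the low 16-bit count. */
unsigned unpack_len(long mark)
{
    return (unsigned)((unsigned long)mark & 0xffffUL);
}

/* Recover the signed upper part by division, avoiding a right shift of a
   negative value (implementation-defined). */
int unpack_back(long mark)
{
    long low = (long)((unsigned long)mark & 0xffffUL);
    return (int)((mark - low) / 65536L);
}

int main(void)
{
    long m = pack_mark_safe(-1, 5);           /* negative upper part */
    printf("safe(-1, 5)    = %ld -> back=%d len=%u\n",
           m, unpack_back(m), unpack_len(m));
    printf("unsafe(3, 258) = %ld (defined: operand is non-negative)\n",
           pack_mark_unsafe(3, 258));
    return 0;
}
```

Building with `-fsanitize=undefined` on GCC or Clang reports the shift at run time if the unsafe form is called with a negative `back`.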

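  • Attack Complexity: LOW
  • Attack Vector: NETWORK
  • Availability Impact: HIGH
  • Scope: UNCHANGED
  • User Interaction: REQUIRED
  • Privileges Required: NONE
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH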

CWE-468 - Incorrect Pointer Scaling

In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled.
