cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

CVE-2022-37434: zlib vulnerability impact on InstallShield

CVE-2022-37434: zlib vulnerability impact on InstallShield

Summary:

A critical vulnerability (CVSS Score 9.8) is reported in the latest version (1.2.12) of a popular component - zlib (https://github.com/madler/zlib). This article discusses the impact, if any, on InstallShield.

Description: 

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field.  NOTE: only applications that call inflateGetHeader are affected. Upon analysis, neither InstallShield nor other third party components used in InstallShield are calling this method, hence it is not impacted by the vulnerability. 

Resolution: 

No fix is required.

Workaround: 

No workaround is required.

References: 

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434

 

Labels (2)
Was this article helpful? Yes No
No ratings
Comments

What about InstallAnywhere?

Version history
Last update:
‎Aug 23, 2022 10:49 PM
Updated by:
Contributors