Showing results for 
Show  only  | Search instead for 
Did you mean: 

CVE-2023-45853: zlib vulnerability impact on InstallShield

CVE-2023-45853: zlib vulnerability impact on InstallShield


A critical vulnerability (CVE-2023-45853) is reported in 1.3 version of zlib component ( This article discusses the impact, if any, on InstallShield.


MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field.

Upon analysis, InstallShield Basic MSI, InstallScript, InstallScript MSI and Suite project setups are not affected by this vulnerability as these projects do not use MiniZip component. InstallShield MSIX/APPX project flow uses MiniZip, but there are no scenarios that involves the use of comment, extra field and long filenames.

Hence InstallShield setups are not impacted by this vulnerability.


As a Defense-in-Depth (DiD) measure, the zlib repository change, which fixes the vulnerability for zlib upstream, has been manually merged into the InstallShield 2023 R2 release. 

As the utilized version is based on zlib version, security software may still highlight InstallShield Setups as potentially vulnerable; however, this constitutes a false positive and can be safely ignored. We are actively working on migrating zlib to version 1.3.1 to reduce false positive warnings in the future. This page will be updated shortly with hotfix availability details.


NVD - CVE-2023-45853 (





Was this article helpful? Yes No
No ratings
Version history
Last update:
‎Feb 26, 2024 07:57 PM
Updated by: