Is DotNetZip affected by the new zlib Security bug (CVE-2018-25032)?

[StarWars999123]

According to press reports, zLib has a serious security issue and already an old fix available. Since DotNetZip uses a modified version of jzlib (probably a derivate of zlib) is this libary affected and are fixes already available?

CVE-2018-25032

[DinoChiesa]

DotNetZip uses a modified version of jzlib? Is that true? Are you sure about that? Can you show me why you think that?

On Wed, Mar 30, 2022 at 4:44 AM StarWars999123 ***@***.***> wrote: According to press reports, zLib has a serious security issue and already an old fix available. Since DotNetZip uses a modified version of jzlib (probably a derivate of zlib) is this libary affected and are fixes already available? CVE-2018-25032 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032> — Reply to this email directly, view it on GitHub <#17>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAB52UUTFR4S7I73MF6W4Q3VCQ5CXANCNFSM5SBUWJVQ> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

-- -Dino

[StarWars999123]

https://github.com/DinoChiesa/DotNetZip/blob/master/Zlib/Zlib.cs#:~:text=This%20module%20defines,but%20significantly%20modified.
Ok, it just contains some data models here. However, I didn't took a detailed look into the code, where you added in some classes, that this code is completely novel. So you don't expect any influence of the zlib issue on DotNetZip, correct?