Summary

A critical vulnerability (CVSS Score 9.8) is reported in the latest version (1.2.12) of a popular component - zlib (https://github.com/madler/zlib). This article discusses the impact, if any, on InstallShield.

Description

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field.

NOTE: Only applications that call inflateGetHeader are affected. Upon analysis, neither InstallShield nor other third party components used in InstallShield are calling this method, hence it is not impacted by the vulnerability.

Resolution

No fix is required.

Workaround

No workaround is required.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434

Was this helpful?

Support Hub

Product

InstallShield

Visibility

Guest

URL Name

cve-2022-37434-zlib-vulnerability-impact-on-installshield

Are you sure you want to cancel the case creation?

Case closed successfully

Action performed successfully

Upload Attachment

Maximum file size allowed is 3 MB.

File type not supported.

Supported file types:

Documents (.txt, .doc, .docx, .pdf), Images (.jpg, .png), Comma Separated Files (.csv) Speadsheets (.xlsx, .xls)

Are you sure you want to close this case

Get Hotline support

Products	Region	Phone Numbers
FlexNet Operations FlexNet Embedded FlexNet Publisher FlexNet Connect FlexNet Code Insight InstallAnywhere InstallShield	North America *	+1 630-332-2513 (toll) +1 877-279-2853 (toll-free in North America)
	Europe *	+44 1925 944367 (toll) +44 800 047 8642 (toll-free in Europe)
	Japan *	+81 3-4540-5335 (select option 2)
	Australia *	+61 3 9895 2177 +61 1800 560 603 (toll-free in Australia)
Usage Intelligence (formerly Revulytics) Compliance Intelligence	Please use the Case Portal to submit your support ticket or reach out to your Revenera contact.

Summary

Description

Resolution

Workaround

References

Related Articles

Please wait...

Case id: 00001065