Loading
search-img

danielkfl asked a question.

August 18, 2022 at 8:47 AM
Zlib vulnerability CVE-2022-37434

Hi Experts,

We use InstallShield for our software and we noticed a 9.8 rated critical finding in our latest OSS scan. The finding is related to Zlib. See: https://nvd.nist.gov/vuln/detail/CVE-2022-37434

 

Apparently this vulnerability can only be exploited if a specific method - inflateGetHeader -  is called. Therefore I'd like to know if InstallShield 2021 is affected.

So far there is no hotfix by Zlib, but there's already a request on GitHub. https://github.com/madler/zlib/issues/692

 

Best regards,

 

Daniel
  • 3 answers
  • 157 views

  • VDonga (Flexera Software)

    Hello @danielkfl  

    This is Venkat Donga, Product Manager for InstallShield. Thanks for bringing this to our attention. We have reviewed this vulnerability and in our analysis it seems to affect apps only if the method 'inflateGetHeader' from zlib is invoked. Neither InstallShield nor other third party components used in InstallShield are calling this method. 

     

    So, it's safe to say that InstallShield is not affected by this vulnerability.

    Please let us know if you have any further questions on this.

    Expand Post
    Selected as Best

  • shunt (Flexera Software)

    Thanks for this Daniel - I've sent this across to our Installshield Developers so they are aware of this and we'll update this thread as soon as we have more information.

  • VDonga (Flexera Software)

    Hello @danielkfl  

    This is Venkat Donga, Product Manager for InstallShield. Thanks for bringing this to our attention. We have reviewed this vulnerability and in our analysis it seems to affect apps only if the method 'inflateGetHeader' from zlib is invoked. Neither InstallShield nor other third party components used in InstallShield are calling this method. 

     

    So, it's safe to say that InstallShield is not affected by this vulnerability.

    Please let us know if you have any further questions on this.

    Expand Post
    Selected as Best

Create a case with Support
0/255
Upload Attachment
File Upload
Maximum file size allowed is 3 MB.
File type not supported.
Supported file types:
Documents (.txt, .doc, .docx, .pdf), Images (.jpg, .png), Comma Separated Files (.csv) Speadsheets (.xlsx, .xls)

Are you sure you want to cancel the case creation?

Are you sure you want to close this case

Get Hotline support
Products Region Phone Numbers
FlexNet Operations
FlexNet Embedded
FlexNet Publisher
FlexNet Connect
FlexNet Code Insight
InstallAnywhere
InstallShield 		North America  * +1 630-332-2513 (toll)
+1 877-279-2853 (toll-free in North America)
Europe  * +44 1925 944367 (toll)
+44 800 047 8642 (toll-free in Europe)
Japan  * +81 3-4540-5335 (select option 2)
Australia  * +61 3 9895 2177
+61 1800 560 603 (toll-free in Australia)
Usage Intelligence (formerly Revulytics)
Compliance Intelligence 		Please use the Case Portal to submit your support ticket or reach out to your Revenera contact.
Book an Appointment
File Upload
Maximum file size allowed is 3 MB.
File type not supported.
Supported file types:
Documents (.txt, .doc, .docx, .pdf), Images (.jpg, .png), Comma Separated Files (.csv) Speadsheets (.xlsx, .xls)
+1.800.374.4353
CONTACT US REVENERA.COM FLEXERA.com
© 2026 Flexera Software. All Rights Reserved.
Privacy policy Terms and conditions Flexera Community Contact Us
Loading
Zlib vulnerability CVE-2022-37434