CVE-2025-0725
Published: May 2, 2025
When libcurl is asked to perform automatic gzip decompression of
content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,
**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would
make libcurl perform a buffer overflow.
HIGH
CVSS v3: 7.3
CVSS v3: 7.3
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 0.0.0.1 | zlib (1.3) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 25.2 | zlib (1.3) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 25.1 | zlib (1.3) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 24.4 | zlib (1.3) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 24.4.0 | zlib (1.3) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 24.3 | zlib (1.3) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 24.2.1 | zlib (1.3) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 24.2 | zlib (1.3) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 24.1 | zlib (1.3) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 23.3 | zlib (1.3) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 23.2.1 | zlib (1.2.12) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 23.2 | zlib (1.2.12) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 23.1 | zlib (1.2.12) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 22.4 | zlib (1.2.12) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 22.3 | zlib (1.2.12) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 22.2 | zlib (1.2.12) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 22.1 | zlib (1.2.11) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 21.11.1 | zlib (1.2.11) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 21.11 | zlib (1.2.11) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 21.8.1 | zlib (1.2.11) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 21.8 | zlib (1.2.11) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 21.5.1 | zlib (1.2.11) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 21.5.0 | zlib (1.2.11) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 21.2.0 | zlib (1.2.11) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 11.4.20 | zlib (1.2.11) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 11.4.19.3667 | zlib (1.2.11) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 11.4.18.3599 | zlib (1.2.11) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 11.4.17 | zlib (1.2.11) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 11.4.16.3445 | zlib (1.2.11) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 11.4.15.3368 | zlib (1.2.11) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 11.4.14.3263 | zlib (1.2.11) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 11.4.13.3179 | zlib (1.2.11) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 11.4.12.3054 | zlib (1.2.11) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 11.4.11.3040 | zlib (1.2.11) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 11.4.11.2990 | zlib (1.2.11) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 11.4.10.2934 | zlib (1.2.11) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 11.4.9.2878 | zlib (1.2.11) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
| 11.4.8.2822 | zlib (1.2.11) | Not Affected | Code Not Present | Document Filter doesn’t use zlib for processing of HTTP responses. |
Severity score breakdown
Attack Complexity
LOW
Attack Vector
NETWORK
Availability Impact
LOW
Base Score
7.3
Base Severity
HIGH
Confidentiality Impact
LOW
Integrity Impact
LOW
Privileges Required
NONE
Scope
UNCHANGED
User Interaction
NONE
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Version
3.1