CVE-2026-24799
Published: 01/27/2026 09:15:49
Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in davisking dlib (dlib/external/zlib modules). This vulnerability is associated with program files inflate.C.
This issue affects dlib: before v19.24.9.
Unknown
CVSS v2:
CVSS v2:
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 0.0.0.1 | zlib (1.3) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 25.4 | zlib (1.3) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 25.3 | zlib (1.3) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 25.2 | zlib (1.3) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 25.1.1 | zlib (1.3) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 25.1 | zlib (1.3) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 24.4 | zlib (1.3) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 24.4.0 | zlib (1.3) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 24.3 | zlib (1.3) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 24.2.1 | zlib (1.3) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 24.2 | zlib (1.3) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 24.1 | zlib (1.3) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 23.3 | zlib (1.3) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 23.2.1 | zlib (1.2.12) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 23.2 | zlib (1.2.12) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 23.1 | zlib (1.2.12) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 22.4 | zlib (1.2.12) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 22.3 | zlib (1.2.12) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 22.2 | zlib (1.2.12) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 22.1 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 21.11.1 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 21.11 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 21.8.1 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 21.8 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 21.5.1 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 21.5.0 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 21.2.0 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 11.4.20 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 11.4.19.3667 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 11.4.18.3599 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 11.4.17 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 11.4.16.3445 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 11.4.15.3368 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 11.4.14.3263 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 11.4.13.3179 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 11.4.12.3054 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 11.4.11.3040 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 11.4.11.2990 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 11.4.10.2934 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 11.4.9.2878 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |
| 11.4.8.2822 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24799 affects the dlib library’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use dlib; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1, and zlib 1.3 includes this fix. Our inflate.c contains the patched code with proper bounds checking for gzip header extra fields. |