CVE-2026-24800
Published: 01/27/2026 09:15:49
Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in tildearrow furnace (extern/zlib modules). This vulnerability is associated with program files inflate.c.
Unknown
CVSS v2:
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 0.0.0.1 | zlib (1.3) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 25.4 | zlib (1.3) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 25.3 | zlib (1.3) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 25.2 | zlib (1.3) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 25.1.1 | zlib (1.3) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 25.1 | zlib (1.3) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 24.4 | zlib (1.3) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 24.4.0 | zlib (1.3) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 24.3 | zlib (1.3) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 24.2.1 | zlib (1.3) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 24.2 | zlib (1.3) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 24.1 | zlib (1.3) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 23.3 | zlib (1.3) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 23.2.1 | zlib (1.2.12) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 23.2 | zlib (1.2.12) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 23.1 | zlib (1.2.12) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 22.4 | zlib (1.2.12) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 22.3 | zlib (1.2.12) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 22.2 | zlib (1.2.12) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 22.1 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 21.11.1 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 21.11 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 21.8.1 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 21.8 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 21.5.1 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 21.5.0 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 21.2.0 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 11.4.20 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 11.4.19.3667 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 11.4.18.3599 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 11.4.17 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 11.4.16.3445 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 11.4.15.3368 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 11.4.14.3263 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 11.4.13.3179 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 11.4.12.3054 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 11.4.11.3040 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 11.4.11.2990 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 11.4.10.2934 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 11.4.9.2878 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |
| 11.4.8.2822 | zlib (1.2.11) | False Positive | Code Not Present | CVE-2026-24800 affects the furnace project’s bundled copy of zlib, not the standalone zlib library. Document Filters does not use furnace; it uses zlib 1.3 directly. The underlying vulnerability (CVE-2022-37434) was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields via inflateGetHeader(). This was fixed in upstream zlib 1.2.13 via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. |