The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a “double free”), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-015.1.txt
distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000469
frontal2.mandriva.com/security/advisories?name=MDKSA-2002:022
www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
www.cert.org/advisories/CA-2002-07.html
www.debian.org/security/2002/dsa-122
www.kb.cert.org/vuls/id/368819
www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php
www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
www.redhat.com/support/errata/RHSA-2002-026.html
www.redhat.com/support/errata/RHSA-2002-027.html
www.securityfocus.com/bid/4267
www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-030
www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-036
www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-037
exchange.xforce.ibmcloud.com/vulnerabilities/8427