Hello,
A security scan on a mobile application identified a vulnerability affecting the zlib library.
Affected CVE:
This vulnerability is related to a global buffer overflow in the standalone untgz utility included in the zlib source tree.
Current situation:
- The application indirectly uses zlib through the Flutter framework and its native dependencies, as well as libraries such as archive and image.
- The security scanner detected zlib version 1.3.0.1.
- Security scanners report that zlib versions < 1.3.1.3 are affected by CVE-2026-22184.
- The zlib version cannot be updated independently by the application, as it is managed by Flutter.
Impact and Severity:
According to public advisories, the vulnerability may lead to:
- Buffer overflow
- Application crash (Denial of Service)
- Potential memory corruption or code execution under specific conditions
Questions:
- Is there a planned update of the Flutter Engine that includes zlib version 1.3.1.3 or newer, addressing CVE-2026-22184?
- Is there any official guidance or recommendation from the Flutter team to address or formally suppress this CVE in security scans until an engine update is available?
References: