Xceed .NET Libraries Documentation
The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
No.
The component does not contain this vulnerability. The component is not statically linked to any specific ZLib version. The ZLib source was rewritten in C#, using a managed memory approach. Memory allocation and deallocation is done automatically by the .NET framework.