Xceed Zip for COM/ActiveX on x86/x64 Documentation
The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
No. Vulnerability removed as of version 5.0.94 (November 2002).
The component does not contain this vulnerability. The component is not statically linked to any specific ZLib version. The ZLib source is integrated into the component and the original ZLib source has been modified over time to add features and fix issues and security vulnerabilities such as this one.
While the base ZLib source code was from version 1.1.3. Fixes and updates from successor versions of ZLib have been integreated into the code.