Submitted by
Style Pass
2023-03-18 13:00:03

This article assumes you’ve already heard about the aCropalypse vulnerability, aka CVE-2023-21036. If not, go read about it here (oops, this page doesn't exist yet. Read this tweet in the meantime).

Can you decompress a zlib stream which is missing the first, say, 0x10000 bytes, but you still have 0x100000 bytes of the data trailing it? Is that possible?

I doubt it, because you could have gigabytes of data that all depend on data referenced from the first few bytes. It might be doable if you have the corresponding uncompressed data but you're missing the zlib stream. Sounds like a Retr0id task either way.

At this point in time, Simon was asking the question in an abstract sense, so as not to give away the nature of the vulnerability.

Zlib uses DEFLATE compression, which itself makes use of LZ77 and Huffman Coding techniques. Nicolas’ answer is based on the fact that LZ77 works by replacing repeated data with backreferences to a previous occurrence. If you’re missing that prior data, then you’ll never be able to resolve backreferences to it.

My answer was based on the fact that zlib streams can use dynamic Huffman coding, where a custom Huffman tree is defined at the start of a block. This tree is used to encode symbols for the rest of that block. It's near-impossible to decompress Huffman-coded data without knowing the tree used—almost like trying to decrypt an encrypted message without knowing the key.
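Both dependencies described above (LZ77 backreferences into earlier data, and the Huffman tree defined at the start of a block) can be observed with Python's zlib module. This is an added example, not code from the original article; the sample data, the function names and the 7-byte offset are constructed for illustration.

```python
import random
import zlib

# Constructed sample data: random lowercase letters, which only compress well
# with a custom (dynamic) Huffman tree. TAIL begins by repeating part of HEAD.
_rng = random.Random(2023)
HEAD = bytes(_rng.choices(range(97, 123), k=8000))
TAIL = HEAD[:2000] + bytes(_rng.choices(range(97, 123), k=4000))

def build_stream(flush_mode):
    """Raw DEFLATE of HEAD + TAIL with a flush after HEAD.
    Returns (stream, offset of the first block that encodes TAIL)."""
    c = zlib.compressobj(6, zlib.DEFLATED, wbits=-15)
    first = c.compress(HEAD) + c.flush(flush_mode)  # a flush ends byte-aligned
    return first + c.compress(TAIL) + c.flush(), len(first)

def block_type(data):
    """BTYPE of the block starting at data[0]: 0 stored, 1 fixed, 2 dynamic."""
    return (data[0] >> 1) & 3

def tail_recoverable(flush_mode, skip=0):
    """Discard everything before TAIL's first block (plus `skip` more bytes)
    and report whether the remainder, on its own, inflates back to TAIL."""
    stream, boundary = build_stream(flush_mode)
    try:
        out = zlib.decompressobj(wbits=-15).decompress(stream[boundary + skip:])
    except zlib.error:
        return False  # e.g. a backreference past the start, or a broken header
    return out == TAIL

if __name__ == "__main__":
    stream, boundary = build_stream(zlib.Z_FULL_FLUSH)
    print("BTYPE of TAIL's block:", block_type(stream[boundary:]))
    # History reset at the flush: the block is self-contained.
    print("full flush, cut at block start:", tail_recoverable(zlib.Z_FULL_FLUSH))
    # History kept: TAIL's block points back into the missing HEAD data.
    print("sync flush, cut at block start:", tail_recoverable(zlib.Z_SYNC_FLUSH))
    # Cut lands inside the block: its Huffman tree definition is gone.
    print("full flush, cut 7 bytes later: ", tail_recoverable(zlib.Z_FULL_FLUSH, 7))
```

The only case that decodes is the one where the cut falls exactly on a block boundary and nothing in the block refers back to data before it.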
