CVE-2025-0725: Heap overflow in curl with Content-Encoding gzip and old libz versions

Hello, I would like to report a vulnerability here that I previously reported to the curl project. In curl's support for old libz version lies an integer overflow that can be triggered by a malicious http server by serving abnormally large gzip headers that then leads to a heap overflow with attacker-controlled data when `Content-Encoding: gzip` is used. Original report: https://hackerone.com/reports/2956023 CVE: CVE-2025-0725 Severity: Low Official Advisory: https://curl.se/docs/CVE-2025-0725.html ## Impact \-