А вот и secunia откликнулась. Видно все считают, что в качестве библиотеки он
нигде не используется
> ----------------------------------------------------------------------
>
> TITLE:
> gzip Multiple Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA21996
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/21996/
>
> CRITICAL:
> Moderately critical
>
> IMPACT:
> DoS, System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> gzip 1.x
> http://secunia.com/product/4220/
>
> DESCRIPTION:
> Tavis Ormandy has reported some vulnerabilities in gzip, which can be
> exploited by malicious people to cause a DoS (Denial of Service) and
> potentially compromise a vulnerable system.
>
> 1) A boundary error within the "make_table()" function in unlzh.c can
> be used to modify certain stack data. This can be exploited to cause a
> DoS and potentially allows to execute arbitrary code by e.g. tricking
> a user or automated system into unpacking a specially crafted archive
> file.
>
> 2) A buffer underflow exists within the "build_tree()" function in
> unpack.c, which can be exploited to cause a DoS and potentially
> allows to execute arbitrary code by e.g. tricking a user or
> automated system into unpacking a specially crafted "pack" archive
> file.
>
> 3) A buffer overflow within the "make_table()" function of gzip's LZH
> support can be exploited to cause a DoS and potentially to compromise
> a vulnerable system by e.g. tricking a user or automated system into
> unpacking an archive containing a specially crafted decoding table.
>
> 4) A NULL pointer dereference within the "huft_build()" function and
> an infinite loop within the LZH handling can be exploited to cause a
> DoS by e.g. tricking a user or automated system into unpacking a
> specially crafted archive file.
>
> The vulnerabilities have been reported in version 1.3.5. Other
> versions may also be affected.
>
> SOLUTION:
> Do not unpack untrusted archive files.
>
> PROVIDED AND/OR DISCOVERED BY:
> Tavis Ormandy, Google Security Team
>
> ORIGINAL ADVISORY:
> http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676
>
> OTHER REFERENCES:
> US-CERT VU#554780:
> http://www.kb.cert.org/vuls/id/554780
>
> US-CERT VU#381508:
> http://www.kb.cert.org/vuls/id/381508
>
> US-CERT VU#773548:
> http://www.kb.cert.org/vuls/id/773548
>
> US-CERT VU#933712:
> http://www.kb.cert.org/vuls/id/933712
>
> US-CERT VU#596848
> http://www.kb.cert.org/vuls/id/596848
>