DF-0268
No decompression bomb (zip bomb) protection
Summary
No limit on decompression ratio. Small compressed input -> huge output. inflate loop has no time/ratio/byte cap. PPP peer sends highly-compressed stream -> CPU/memory exhaustion DoS. avail_out bounded by caller but loop itself has no limit.