diff --git a/NEWS b/NEWS index 77119e29fcf..0b5020c6f0c 100644 --- a/NEWS +++ b/NEWS @@ -54,6 +54,9 @@ PHP NEWS . Fix error check for proc_open() command. (ndossche) . Fixed bug GH-20582 (Heap Buffer Overflow in iptcembed). (ndossche) +- Zlib: + . Fix OOB gzseek() causing assertion failure. (ndossche) + 18 Dec 2025, PHP 8.3.29 - Core: diff --git a/ext/zlib/tests/gzseek_seek_oob.phpt b/ext/zlib/tests/gzseek_seek_oob.phpt new file mode 100644 index 00000000000..021f8cb174d --- /dev/null +++ b/ext/zlib/tests/gzseek_seek_oob.phpt @@ -0,0 +1,19 @@ +--TEST-- +Test function gzseek() by seeking out of bounds +--EXTENSIONS-- +zlib +--FILE-- + +--EXPECT-- +int(-1) +int(0) +int(0) diff --git a/ext/zlib/zlib_fopen_wrapper.c b/ext/zlib/zlib_fopen_wrapper.c index 31b5212a720..da948af37ff 100644 --- a/ext/zlib/zlib_fopen_wrapper.c +++ b/ext/zlib/zlib_fopen_wrapper.c @@ -94,9 +94,14 @@ static int php_gziop_seek(php_stream *stream, zend_off_t offset, int whence, zen php_error_docref(NULL, E_WARNING, "SEEK_END is not supported"); return -1; } - *newoffs = gzseek(self->gz_file, offset, whence); - return (*newoffs < 0) ? -1 : 0; + z_off_t new_offset = gzseek(self->gz_file, offset, whence); + if (new_offset < 0) { + return -1; + } + + *newoffs = new_offset; + return 0; } static int php_gziop_close(php_stream *stream, int close_handle)
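Review bot: In php_gziop_seek the `offset` argument is a zend_off_t but is still passed straight to gzseek(), which takes a z_off_t. On a build where z_off_t is narrower (zlib uses plain `long` unless large-file offsets are enabled), an out-of-range offset would be truncated before zlib sees it and could resolve to a valid position instead of failing. A range check ahead of the call, for example `if (offset != (zend_off_t)(z_off_t) offset) { return -1; }`, would send that case down the same error path this commit adds. The early return also deserves a comment such as `/* gzseek() failed: leave *newoffs untouched rather than reporting a negative position */`, because the reason for no longer writing through `newoffs` on failure is presumably the assertion named in the NEWS entry and is not visible in the code. The function begins above the hunk, so whether `offset` is already bounded earlier cannot be confirmed from these lines.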