3252 matches found
CVE-2005-2659
Buffer overflow in the LZX decompression in CHM Lib chmlib 0.35, as used in products such as KchmViewer, has unknown impact and attack vectors...
[SECURITY] [DSA 886-1] New chmlib packages fix several vulnerabilities
Debian Security Advisory DSA 886-1 [email protected] http://www.debian.org/security/ Martin Schulze November 7th, 2005 http://www.debian.org/security/faq -...
Microsoft Windows Unchecked Buffer in Decompression Functions (Q329048)
Two vulnerabilities exist in the Compressed Folders function: An unchecked buffer exists in the program that handles the decompressing of files from a zipped file. A security vulnerability results because attempts to open a file with a specially malformed filename contained in a zipped file coul...
CVE-2005-3030
Directory traversal vulnerability in the archive decompression library in AhnLab V3Pro 2004 build 6.0.0.383, V3 VirusBlock 2005 build 6.0.0.383, and V3Net for Windows Server 6.0 build 6.0.0.383 allows remote attackers to write arbitrary files via a .. (dot dot) in the filename in a compressed archi...
DC++ and its mods remote DoS in bzip2 decompression routine
DC++ and its mods remote DoS in bzip2 decompression routine Critical Security research: http://www.critical.lt Original advisory may be found: http://www.critical.lt/?vulnerabilities/22 PoC file may be found here: http://www.critical.lt/research/dc.zip Vulnerable product: DC++ and its mods all...
SUSE Security Announcement: kernel multiple security problems (SUSE-SA:2005:050)
SUSE Security Announcement Package: kernel Announcement ID: SUSE-SA:2005:050 Date: Thu, 01 Sep 2005 14:00:00 +0000 Affected Products: 9.1, 9.2, 9.3 SUSE Linux Enterprise Server 9 Novell Linux Desktop 9 Vulnerability Type: denial of service, local...
CVE-2005-2720
HAURI Anti-Virus products (ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, LiveCall) are affected by CVE-2005-2720 due to a stack-based buffer overflow in the ACE archive decompression library (vrAZace.dll) when scanning ACE archives. The flaw occurs with ACE archives that contain a file w...
CVE-2005-2475
Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete...
DEBIAN-CVE-2005-2475
Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete...
zlib -- buffer overflow vulnerability
Problem description A fixed-size buffer is used in the decompression of data streams. Due to erroneous analysis performed when zlib was written, this buffer, which was believed to be sufficiently large to handle any possible input stream, is in fact too small. Impact A carefully constructed...
[SECURITY] [DSA 752-1] New gzip packages fix several vulnerabilities
Debian Security Advisory DSA 752-1 [email protected] http://www.debian.org/security/ Martin Schulze July 11th, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 741-1] New bzip2 packages prevent decompression bomb
Debian Security Advisory DSA 741-1 [email protected] http://www.debian.org/security/ Martin Schulze July 7th, 2005 http://www.debian.org/security/faq -...
bzip2 security update
CentOS Errata and Security Advisory CESA-2005:474-01 Updated bzip2 packages that fix multiple issues are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Updated 13 February 2006 Replacement bzip2 packages for Red Hat Enterprise Linux ...
security flaw
bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a. "decompression bomb")...
security flaw
Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete...
Low: Red Hat Security Advisory: bzip2 security update
Updated bzip2 packages that fix multiple issues are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Updated 13 February 2006 Replacement bzip2 packages for Red Hat Enterprise Linux 4 have been created as the original erratum packages...
security flaw
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete...
CVE-2005-1260
bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a. "decompression bomb")...