The vulnerability of the bzread function (ext/bz2/bz2.c) in the PHP programming language allows a attacker to trigger a service failure or execute arbitrary code.

The vulnerability of the bzread function ext/bz2/bz2.c in the PHP interpreter is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures or execute arbitrary code using a specially created .bz2 archive...

CVE-2007-1461

The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or openbasedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories...