3283 matches found
CVE-2002-0759
bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the OEXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a...
CVE-2002-0059
CVE-2002-0059: The decompression algorithm in zlib 1.1.3 and earlier can cause inflateEnd to free memory more than once (a double free), enabling memory corruption that may allow arbitrary code execution via malformed compression data. Affected: zlib up to version 1.1.3 and earlier. Root cause: d...
[SECURITY] New versions of gzip available
We were told by Michal Zalewski that gzexe as shipped with gzip uses an unsecure method decompressing executables on the fly opening a way of calling arbitrary programs. Newer versions for bo and hamm are fixing this. We recommend you upgrade your gzip package if youre using the gzexe method. dpk...