Lucene search
Bzip, Bzip2

10 matches found

CVE
added 2019/06/19 10:7 p.m., 1144 views

CVE-2019-12900

CVE-2019-12900 affects bzip2 up to 1.0.6. The vulnerability is an out-of-bounds write in BZ2_decompress (decompress.c) when there are many selectors, potentially causing memory corruption. Public notices list multiple vendor advisories (e.g., Rocky Linux/AlmaLinux, Debian/Ubuntu, OpenSUSE, Amazon...

CVSS 9.8, AI score 9.6, EPSS 0.08042

CVE
added 2016/06/30 5:0 p.m., 504 views

CVE-2016-3189

CVE-2016-3189 is a use-after-free in bzip2recover within bzip2 1.0.6 that allows remote denial of service (crash) via a crafted bzip2 file, caused by block ends set to before the start of the block. The vulnerability is confirmed across multiple references tied to bzip2 and was addressed by vendo...

CVSS 6.5, AI score 6.1, EPSS 0.15685

CVE
added 2010/09/28 5:0 p.m., 128 views

CVE-2010-0405

The CVE-2010-0405 issue affects bzip2/libbzip2 before 1.0.6, where an integer overflow in BZ2_decompress (decompress.c) can crash the application or, via a crafted file, possibly allow arbitrary code execution. Reported impact includes denial of service and potential code execution; exploit detai...

CVSS 5.1, AI score 6.6, EPSS 0.03297

CVE
added 2008/03/18 9:0 p.m., 110 views

CVE-2008-1372

CVE-2008-1372 affects bzip2: the buffer over-read vulnerability exists in the decompression routine of libbz2 prior to version 1.0.5, allowing a user-assisted remote attacker to trigger a crash via a crafted archive. The issue is a denial-of-service on vulnerable targets when processing malformed...

CVSS 4.3, AI score 9, EPSS 0.04519

CVE
added 2005/05/19 4:0 a.m., 95 views

CVE-2005-1260

CVE-2005-1260 describes a remote denial-of-service vulnerability in bzip2 where a crafted archive can cause an infinite loop during decompression, potentially exhausting disk space. Public documents show this issue alongside a related local race condition (CVE-2005-0953) and note that untrusted a...

CVSS 5, AI score 7.1, EPSS 0.06152

CVE
added 2005/04/03 5:0 a.m., 83 views

CVE-2005-0953

CVE-2005-0953 (bzip2): a race condition in bzip2 (versions 1.0.2 and earlier) lets a local user modify the permissions of an arbitrary file during decompression via a hard-link attack on a file while it is being decompressed. This can affect files in a directory where the attacker has write acce...

CVSS 3.7, AI score 7.2, EPSS 0.004

CVE
added 2014/04/16 6:0 p.m., 67 views

CVE-2011-4089

The CVE-2011-4089 entry concerns the bzexe command in bzip2 1.0.5 and earlier. The vulnerability arises because extraction does not properly handle temporary files, allowing a local attacker to execute arbitrary code by precreating a temporary directory. Affected component: bzexe (bzip2). Root ca...

CVSS 4.6, AI score 7.2, EPSS 0.01045

CVE
added 2003/04/02 5:0 a.m., 51 views

CVE-2002-0761

CVE-2002-0761 affects bzip2 before 1.0.2 on FreeBSD (4.5 and earlier) and OpenLinux (3.1 and 3.1.1). The issue arises when creating an archive: bzip2 honors the permissions of the symbolic link rather than those of the target file, which could cause files to be extracted with less restrictive per...

CVSS 2.1, AI score 7, EPSS 0.00387

CVE
added 2003/04/02 5:0 a.m., 50 views

CVE-2002-0760

CVE-2002-0760 describes a race condition in bzip2 prior to 1.0.2 across FreeBSD 4.5 and earlier, and OpenLinux 3.1/3.1.1, where files are decompressed with world-readable permissions before being reset to the permissions specified in the archive, potentially allowing local users to read files dur...

CVSS 1.2, AI score 6.7, EPSS 0.00298

CVE
added 2003/04/02 5:0 a.m., 43 views

CVE-2002-0759

CVE-2002-0759 affects bzip2 prior to 1.0.2, notably in FreeBSD 4.5 and earlier and OpenLinux 3.1/3.1.1. The issue is that bzip2 does not use the O_EXCL flag to create files during decompression and does not warn if an existing file would be overwritten. This could allow an attacker to overwrite f...

CVSS 5, AI score 6.9, EPSS 0.01348