10 matches found
CVE-2019-12900
CVE-2019-12900 affects bzip2 up to 1.0.6. The vulnerability is an out-of-bounds write in BZ2_decompress (decompress.c) when there are many selectors, potentially causing memory corruption. Public notices list multiple vendor advisories (e.g., Rocky Linux/AlmaLinux, Debian/Ubuntu, OpenSUSE, Amazon...
CVE-2016-3189
CVE-2016-3189 is a use-after-free in bzip2recover within bzip2 1.0.6 that allows remote denial of service (crash) via a crafted bzip2 file, caused by block ends set to before the start of the block. The vulnerability is confirmed across multiple references tied to bzip2 and was addressed by vendo...
CVE-2010-0405
The CVE-2010-0405 issue affects bzip2/libbzip2 before 1.0.6, where an integer overflow in BZ2_decompress (decompress.c) can crash the application or, via a crafted file, possibly allow arbitrary code execution. Reported impact includes denial of service and potential code execution; exploit detai...
CVE-2008-1372
CVE-2008-1372 affects bzip2: the buffer over-read vulnerability exists in the decompression routine of libbz2 prior to version 1.0.5, allowing a user-assisted remote attacker to trigger a crash via a crafted archive. The issue is a denial-of-service on vulnerable targets when processing malformed...
CVE-2005-1260
CVE-2005-1260 describes a remote denial-of-service vulnerability in bzip2 where a crafted archive can cause an infinite loop during decompression, potentially exhausting disk space. Public documents show this issue alongside a related local race condition (CVE-2005-0953) and note that untrusted a...
CVE-2005-0953
CVE-2005-0953 (bzip2) : A race condition in bzip2 (versions 1.0.2 and earlier) lets a local user modify the permissions of an arbitrary file during decompression via a hard-link attack on a file while it is being decompressed. This can affect files in a directory where the attacker has write acce...
CVE-2011-4089
The CVE-2011-4089 entry concerns the bzexe command in bzip2 1.0.5 and earlier. The vulnerability arises because extraction does not properly handle temporary files, allowing a local attacker to execute arbitrary code by precreating a temporary directory. Affected component: bzexe (bzip2). Root ca...
CVE-2002-0761
CVE-2002-0761 affects bzip2 before 1.0.2 on FreeBSD (4.5 and earlier) and OpenLinux (3.1 and 3.1.1). The issue arises when creating an archive: bzip2 honors the permissions of the symbolic link rather than those of the target file, which could cause files to be extracted with less restrictive per...
CVE-2002-0760
CVE-2002-0760 describes a race condition in bzip2 prior to 1.0.2 across FreeBSD 4.5 and earlier, and OpenLinux 3.1/3.1.1, where files are decompressed with world-readable permissions before being reset to the permissions specified in the archive, potentially allowing local users to read files dur...
CVE-2002-0759
CVE-2002-0759 affects bzip2 prior to 1.0.2, notably in FreeBSD 4.5 and earlier and OpenLinux 3.1/3.1.1. The issue is that bzip2 does not use the O_EXCL flag to create files during decompression and does not warn if an existing file would be overwritten. This could allow an attacker to overwrite f...