CVE-2022-1271

CVE-2022-1271 affects GNU gzip's zgrep: an attacker can cause arbitrary file writes by supplying crafted multi-line filenames. Two or more consecutive newlines in filenames lead to content and target file names being embedded in the same path, and insufficient validation enables remote, low-privi...

CVE-2005-0758

The CVE-2005-0758 issue affects gzip prior to 1.3.5, where zgrep does not properly sanitize file arguments, allowing local users to inject filenames into a sed script and execute arbitrary commands. Connected advisories confirm related issues (CVE-2005-0988 and CVE-2005-1228) in gunzip/bzip2 work...

CVE-2004-1349

CVE-2004-1349 affects gzip releases 1.3 and earlier on Solaris 8. The vulnerability occurs when gzip is invoked with the -f or -force flags, causing it to alter permissions of files that are hard linked to the target, enabling local users to view or modify those linked files. Connected sources co...