National Vulnerability Database

National Vulnerability Database

National Vulnerability

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:bzip:bzip2:0.9
There are 5 matching records.
Vuln ID Summary CVSS Severity

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

Published: June 19, 2019; 07:15:09 PM -04:00
V2: 7.5 HIGH

The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.

Published: April 16, 2014; 02:37:11 PM -04:00
V2: 4.6 MEDIUM

Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.

Published: September 28, 2010; 02:00:02 PM -04:00
V2: 5.1 MEDIUM

bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

Published: March 18, 2008; 05:44:00 PM -04:00
V2: 4.3 MEDIUM

Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.

Published: May 02, 2005; 12:00:00 AM -04:00
V2: 3.7 LOW