National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:bzip:bzip2:0.9.5_a
There are 3 matching records.
Vuln ID Summary CVSS Severity
CVE-2011-4089

The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.

Published: April 16, 2014; 02:37:11 PM -04:00
V2: 4.6 MEDIUM
CVE-2010-0405

Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.

Published: September 28, 2010; 02:00:02 PM -04:00
V2: 5.1 MEDIUM
CVE-2005-0953

Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.

Published: May 02, 2005; 12:00:00 AM -04:00
V2: 3.7 LOW