National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:bzip:bzip2:0.9.5c
There are 6 matching records.
Vuln ID Summary CVSS Severity
CVE-2011-4089

The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.

Published: April 16, 2014; 02:37:11 PM -04:00
V2: 4.6 MEDIUM
CVE-2010-0405

Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.

Published: September 28, 2010; 02:00:02 PM -04:00
V2: 5.1 MEDIUM
CVE-2008-1372

bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

Published: March 18, 2008; 05:44:00 PM -04:00
V2: 4.3 MEDIUM
CVE-2002-0759

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.

Published: August 12, 2002; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2002-0760

Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.

Published: August 12, 2002; 12:00:00 AM -04:00
V2: 1.2 LOW
CVE-2002-0761

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.

Published: August 12, 2002; 12:00:00 AM -04:00
V2: 2.1 LOW