National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:gnu:gzip:1.3
There are 5 matching records.
Vuln ID Summary CVSS Severity
CVE-2010-0001

Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.

Published: January 29, 2010; 01:30:00 PM -05:00
V2: 6.8 MEDIUM
CVE-2009-2624

The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression.

Published: January 29, 2010; 01:30:00 PM -05:00
V2: 6.8 MEDIUM
CVE-2004-0603

gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332.

Published: December 06, 2004; 12:00:00 AM -05:00
V2: 10.0 HIGH
CVE-2003-0367

znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Published: July 02, 2003; 12:00:00 AM -04:00
V2: 2.1 LOW
CVE-2001-1228

Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server.

Published: November 18, 2001; 12:00:00 AM -05:00
V2: 7.5 HIGH