Search CVE reports


Toggle filters

1 – 10 of 10 results


CVE-2023-22895

Medium priority
Vulnerable

The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product.

1 affected package

rust-bzip2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rust-bzip2 Needs evaluation Vulnerable Vulnerable Not in release Ignored
Show less packages

CVE-2019-12900

Medium priority
Fixed

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

2 affected packages

bzip2, clamav

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bzip2 Fixed Fixed
clamav Fixed Fixed
Show less packages

CVE-2016-3189

Low priority

Some fixes available 2 of 7

Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.

1 affected package

bzip2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bzip2 Not affected Fixed
Show less packages

CVE-2011-4089

Medium priority
Fixed

The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.

1 affected package

bzip2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bzip2
Show less packages

CVE-2010-0405

Medium priority
Fixed

Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a...

4 affected packages

bzip2, clamav, dpkg, dump

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bzip2
clamav
dpkg
dump
Show less packages

CVE-2009-1884

Medium priority
Ignored

Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2...

1 affected package

libcompress-raw-bzip2-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libcompress-raw-bzip2-perl
Show less packages

CVE-2008-1372

Medium priority
Fixed

bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

1 affected package

bzip2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bzip2
Show less packages

CVE-2005-1260

Unknown priority
Fixed

bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").

1 affected package

bzip2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bzip2
Show less packages

CVE-2005-0758

Unknown priority
Fixed

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.

2 affected packages

bzip2, gzip

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bzip2
gzip
Show less packages

CVE-2005-0953

Unknown priority
Fixed

Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression...

1 affected package

bzip2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bzip2
Show less packages