Bzip

Bzip2

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.13%
  • Veröffentlicht 28.05.2026 14:16:19
  • Zuletzt bearbeitet 05.06.2026 08:16:30

bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash (denial of service). This issue ...

  • EPSS 8.04%
  • Veröffentlicht 19.06.2019 23:15:09
  • Zuletzt bearbeitet 09.06.2025 16:15:29

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

  • EPSS 15.69%
  • Veröffentlicht 30.06.2016 17:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.

Exploit
  • EPSS 1.05%
  • Veröffentlicht 16.04.2014 18:37:11
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.

  • EPSS 3.3%
  • Veröffentlicht 28.09.2010 18:00:02
  • Zuletzt bearbeitet 16.06.2026 23:16:05

Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.

Exploit
  • EPSS 4.52%
  • Veröffentlicht 18.03.2008 21:44:00
  • Zuletzt bearbeitet 16.06.2026 22:51:35

bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

  • EPSS 6.15%
  • Veröffentlicht 19.05.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:12:44

bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").

  • EPSS 0.4%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:12:06

Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.

  • EPSS 1.35%
  • Veröffentlicht 12.08.2002 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:58:04

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which...

  • EPSS 0.3%
  • Veröffentlicht 12.08.2002 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:58:04

Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archiv...