CVE-2026-42250
- EPSS 0.13%
- Veröffentlicht 28.05.2026 14:16:19
- Zuletzt bearbeitet 05.06.2026 08:16:30
bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash (denial of service). This issue ...
CVE-2019-12900
- EPSS 8.04%
- Veröffentlicht 19.06.2019 23:15:09
- Zuletzt bearbeitet 09.06.2025 16:15:29
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
CVE-2016-3189
- EPSS 15.69%
- Veröffentlicht 30.06.2016 17:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
CVE-2011-4089
- EPSS 1.05%
- Veröffentlicht 16.04.2014 18:37:11
- Zuletzt bearbeitet 06.05.2026 22:30:45
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.
CVE-2010-0405
- EPSS 3.3%
- Veröffentlicht 28.09.2010 18:00:02
- Zuletzt bearbeitet 16.06.2026 23:16:05
Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
CVE-2008-1372
- EPSS 4.52%
- Veröffentlicht 18.03.2008 21:44:00
- Zuletzt bearbeitet 16.06.2026 22:51:35
bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
- EPSS 6.15%
- Veröffentlicht 19.05.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:12:44
bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").
CVE-2005-0953
- EPSS 0.4%
- Veröffentlicht 02.05.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:12:06
Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
- EPSS 1.35%
- Veröffentlicht 12.08.2002 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:58:04
bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which...
CVE-2002-0760
- EPSS 0.3%
- Veröffentlicht 12.08.2002 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:58:04
Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archiv...