CVE-2026-41992
- EPSS 0.15%
- Veröffentlicht 29.06.2026 10:15:57
- Zuletzt bearbeitet 01.07.2026 14:02:20
GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is share...
CVE-2026-41991
- EPSS 0.12%
- Veröffentlicht 29.06.2026 10:15:50
- Zuletzt bearbeitet 01.07.2026 14:02:24
GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID (PI...
CVE-2022-1271
- EPSS 4.27%
- Veröffentlicht 31.08.2022 16:15:09
- Zuletzt bearbeitet 09.06.2025 15:15:26
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file....
CVE-2009-2624
- EPSS 4.18%
- Veröffentlicht 29.01.2010 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:09:51
The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a...
CVE-2010-0001
- EPSS 4.77%
- Veröffentlicht 29.01.2010 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:15:11
Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a cra...
CVE-2005-0758
- EPSS 0.53%
- Veröffentlicht 13.05.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:11:42
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
CVE-2005-0988
- EPSS 0.66%
- Veröffentlicht 02.05.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:12:10
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip af...
- EPSS 3.58%
- Veröffentlicht 02.05.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:12:41
Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.
CVE-2004-0970
- EPSS 0.37%
- Veröffentlicht 09.02.2005 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:06:46
The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.
- EPSS 3.13%
- Veröffentlicht 06.12.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:05:58
gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1...