Gnu

Gzip

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.15%
  • Veröffentlicht 29.06.2026 10:15:57
  • Zuletzt bearbeitet 01.07.2026 14:02:20

GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is share...

  • EPSS 0.12%
  • Veröffentlicht 29.06.2026 10:15:50
  • Zuletzt bearbeitet 01.07.2026 14:02:24

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID (PI...

  • EPSS 4.27%
  • Veröffentlicht 31.08.2022 16:15:09
  • Zuletzt bearbeitet 09.06.2025 15:15:26

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file....

  • EPSS 4.18%
  • Veröffentlicht 29.01.2010 18:30:00
  • Zuletzt bearbeitet 16.06.2026 23:09:51

The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a...

  • EPSS 4.77%
  • Veröffentlicht 29.01.2010 18:30:00
  • Zuletzt bearbeitet 16.06.2026 23:15:11

Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a cra...

  • EPSS 0.53%
  • Veröffentlicht 13.05.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:11:42

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.

  • EPSS 0.66%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:12:10

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip af...

  • EPSS 3.58%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:12:41

Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.

  • EPSS 0.37%
  • Veröffentlicht 09.02.2005 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:06:46

The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.

  • EPSS 3.13%
  • Veröffentlicht 06.12.2004 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:05:58

gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1...