Gnu

Gzip

11 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2022-1271

  • EPSS 0.72%
  • Published 31.08.2022 16:15:09
  • Last modified 09.06.2025 15:15:26

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file....

6.8

CVE-2009-2624

  • EPSS 7.32%
  • Published 29.01.2010 18:30:00
  • Last modified 11.04.2025 00:51:21

The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a...

6.8

CVE-2010-0001

  • EPSS 38.19%
  • Published 29.01.2010 18:30:00
  • Last modified 11.04.2025 00:51:21

Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a cra...

4.6

CVE-2005-0758

  • EPSS 0.15%
  • Published 13.05.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.

3.7

CVE-2005-0988

  • EPSS 0.12%
  • Published 02.05.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip af...

5

CVE-2005-1228

  • EPSS 4.59%
  • Published 02.05.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.

2.1

CVE-2004-0970

  • EPSS 0.1%
  • Published 09.02.2005 05:00:00
  • Last modified 03.04.2025 01:03:51

The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.

10

CVE-2004-0603

  • EPSS 2.5%
  • Published 06.12.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1...

2.1

CVE-2004-1349

  • EPSS 0.11%
  • Published 04.10.2004 04:00:00
  • Last modified 03.04.2025 01:03:51

gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.

2.1

CVE-2003-0367

  • EPSS 0.14%
  • Published 02.07.2003 04:00:00
  • Last modified 03.04.2025 01:03:51

znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.