GNU Gzip 1.3.3

CPE Details

GNU Gzip 1.3.3
gnu
gzip
1.3.3
2007-08-23
19h16 +00:00
2023-06-06
17h01 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gnu:gzip:1.3.3:*:*:*:*:*:*:*

Informations

Vendor

gnu

Product

gzip

Version

1.3.3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-1271 2022-08-31 13h33 +00:00 An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
8.8
High
CVE-2009-2624 2010-01-29 17h00 +00:00 The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression.
6.8
CVE-2010-0001 2010-01-29 17h00 +00:00 Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
6.8
CVE-2005-0758 2005-05-13 02h00 +00:00 zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
4.6
CVE-2005-1228 2005-04-22 02h00 +00:00 Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.
5
CVE-2005-0988 2005-04-06 02h00 +00:00 Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.
3.7
CVE-2004-0603 2004-06-30 02h00 +00:00 gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332.
10
CVE-2003-0367 2003-06-10 02h00 +00:00 znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.
2.1