bzip bzip2 1.0.2

CPE Details

bzip bzip2 1.0.2
bzip
bzip2
1.0.2
2020-11-17
19h37 +00:00
2020-11-17
19h37 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:bzip:bzip2:1.0.2:*:*:*:*:*:*:*

Informations

Vendor

bzip

Product

bzip2

Version

1.0.2

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2019-12900 2019-06-19 20h07 +00:00 BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
9.8
Critique
CVE-2011-4089 2014-04-16 16h00 +00:00 The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.
4.6
CVE-2010-0405 2010-09-28 15h00 +00:00 Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
5.1
CVE-2008-1372 2008-03-18 20h00 +00:00 bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
4.3
CVE-2005-1260 2005-05-19 02h00 +00:00 bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").
5
CVE-2005-0953 2005-04-03 03h00 +00:00 Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
3.7