
CVE-2019-12900 – bzip2: Data integrity error when decompressing (with data integrity tests fail).
https://notcve.org/view.php?id=CVE-2019-12900
19 Jun 2019 — BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of dec... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html • CWE-787: Out-of-bounds Write CWE-1214: Data Integrity Issues •

CVE-2016-3189 – FreeBSD Security Advisory - FreeBSD-SA-19:18.bzip2
https://notcve.org/view.php?id=CVE-2016-3189
30 Jun 2016 — Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. The decompressor use... • http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html • CWE-416: Use After Free •

CVE-2011-4089 – bzexe (bzip2) - Race Condition
https://notcve.org/view.php?id=CVE-2011-4089
06 Nov 2011 — The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory. vladz discovered that execu... • https://packetstorm.news/files/id/106636 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2010-0405 – bzip2: integer overflow flaw in BZ2_decompress
https://notcve.org/view.php?id=CVE-2010-0405
21 Sep 2010 — Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file. • http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVE-2009-1884 – Gentoo Linux Security Advisory 200908-7
https://notcve.org/view.php?id=CVE-2009-1884
18 Aug 2009 — Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391. • http://secunia.com/advisories/36386 • CWE-189: Numeric Errors •

CVE-2008-1372 – bzip2: crash on malformed archive file
https://notcve.org/view.php?id=CVE-2008-1372
18 Mar 2008 — bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2005-1260
https://notcve.org/view.php?id=CVE-2005-1260
19 May 2005 — bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). • ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc • CWE-400: Uncontrolled Resource Consumption •

CVE-2005-0953 – OpenPKG Security Advisory 2007.2
https://notcve.org/view.php?id=CVE-2005-0953
03 Apr 2005 — Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. Together with two portability and stability issues, two older security issues were fixed in the compression tool BZip2, versions up to and including 1.0.3. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc •

CVE-2002-0761
https://notcve.org/view.php?id=CVE-2002-0761
12 Aug 2002 — bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt •

CVE-2002-0760
https://notcve.org/view.php?id=CVE-2002-0760
12 Aug 2002 — Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt •