NotCVE - vendor:"Bzip" product:"Bzip2" version:"1.0.4"

3 results (0.002 seconds)

CVSS: 9.8EPSS: 1%CPEs: 37EXPL: 0

CVE-2019-12900 – bzip2: bzip2: Data integrity error when decompressing (with data integrity tests fail).

https://notcve.org/view.php?id=CVE-2019-12900

19 Jun 2019 — BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. La función BZ2_decompress en el archivo decompress.c en bzip2 hasta 1.0.6, presenta una escritura fuera de límites cuando hay muchos selectores. A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of dec... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html • CWE-787: Out-of-bounds Write CWE-1214: Data Integrity Issues •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2

CVE-2011-4089 – bzexe (bzip2) - Race Condition

https://notcve.org/view.php?id=CVE-2011-4089

16 Apr 2014 — The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory. El comando bzexe en bzip2 1.0.5 y anteriores genera ejecutables comprimidos que no manejan debidamente archivos temporales durante extracción, lo que permite a usuarios locales ejecutar código arbitrario mediante la precreación de un directorio temporal. • https://www.exploit-db.com/exploits/18147 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.6EPSS: 9%CPEs: 23EXPL: 0

CVE-2010-0405 – bzip2: integer overflow flaw in BZ2_decompress

https://notcve.org/view.php?id=CVE-2010-0405

28 Sep 2010 — Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file. Desbordamiento de enteros en la función BZ2_decompress en decompress.c en bzip2 y libbzip2 anterior v1.0.6 permite a atacantes dependientes del contexto causar una denegación de servicio (caída aplicación) o probablemente ejecutar código de su elección a través d... • http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •