CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-22895
https://notcve.org/view.php?id=CVE-2023-22895
10 Jan 2023 — The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product. • https://crates.io/crates/bzip2/versions • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 2%CPEs: 37EXPL: 0CVE-2019-12900 – bzip2: bzip2: Data integrity error when decompressing (with data integrity tests fail).
https://notcve.org/view.php?id=CVE-2019-12900
19 Jun 2019 — BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. La función BZ2_decompress en el archivo decompress.c en bzip2 hasta 1.0.6, presenta una escritura fuera de límites cuando hay muchos selectores. A data integrity error was found in the Linux Kernel's bzip2 functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompres... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html • CWE-787: Out-of-bounds Write CWE-1214: Data Integrity Issues •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2011-4089 – bzexe (bzip2) - Race Condition
https://notcve.org/view.php?id=CVE-2011-4089
16 Apr 2014 — The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory. El comando bzexe en bzip2 1.0.5 y anteriores genera ejecutables comprimidos que no manejan debidamente archivos temporales durante extracción, lo que permite a usuarios locales ejecutar código arbitrario mediante la precreación de un directorio temporal. • https://www.exploit-db.com/exploits/18147 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.6EPSS: 2%CPEs: 23EXPL: 0CVE-2010-0405 – bzip2: integer overflow flaw in BZ2_decompress
https://notcve.org/view.php?id=CVE-2010-0405
28 Sep 2010 — Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file. Desbordamiento de enteros en la función BZ2_decompress en decompress.c en bzip2 y libbzip2 anterior v1.0.6 permite a atacantes dependientes del contexto causar una denegación de servicio (caída aplicación) o probablemente ejecutar código de su elección a través d... • http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 18%CPEs: 6EXPL: 0CVE-2005-1260
https://notcve.org/view.php?id=CVE-2005-1260
19 May 2005 — bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). • ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc • CWE-400: Uncontrolled Resource Consumption •