
CVE-2022-1271 – Tukaani XZ Utils xzgrep Argument Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-1271
12 Apr 2022 — An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep... • https://access.redhat.com/security/cve/CVE-2022-1271 • CWE-20: Improper Input Validation; CWE-179: Incorrect Behavior Order: Early Validation; CWE-1173: Improper Use of Validation Framework

CVE-2009-2624 – Gentoo Linux Security Advisory 201412-08
https://notcve.org/view.php?id=CVE-2009-2624
29 Jan 2010 — The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression. • http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258 • CWE-20: Improper Input Validation

CVE-2010-0001 – gzip: (64 bit) Integer underflow by decompressing LZW format files
https://notcve.org/view.php?id=CVE-2010-0001
29 Jan 2010 — Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error. • http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=a3db5806d012082b9e25cc36d09f19cd736a468f • CWE-189: Numeric Errors; CWE-190: Integer Overflow or Wraparound

CVE-2006-4334
https://notcve.org/view.php?id=CVE-2006-4334
19 Sep 2006 — Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference. • ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc

CVE-2006-4335 – multiple vulnerabilities in lha
https://notcve.org/view.php?id=CVE-2006-4335
19 Sep 2006 — Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability." • ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc

CVE-2006-4336 – multiple vulnerabilities in lha
https://notcve.org/view.php?id=CVE-2006-4336
19 Sep 2006 — Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index. • ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc

CVE-2006-4337 – multiple vulnerabilities in lha
https://notcve.org/view.php?id=CVE-2006-4337
19 Sep 2006 — Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive. • ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc

CVE-2006-4338
https://notcve.org/view.php?id=CVE-2006-4338
19 Sep 2006 — unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive. • ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc

CVE-2005-0758
https://notcve.org/view.php?id=CVE-2005-0758
13 May 2005 — zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt

CVE-2005-1228
https://notcve.org/view.php?id=CVE-2005-1228
22 Apr 2005 — Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt