CVE-2010-0001
gzip: (64 bit) Integer underflow by decompressing LZW format files
Severity Score
10.0
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
Desbordamiento de entero en la función unlzw en unlzw.c en gzip anterior a v1.4 sobre las plataformas de 64 bits, permiten a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código de su elección a través de un archivo manipulado que emplea la compresión LZW, permitiendo a un array indexar el error.
This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2011. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-12-14 CVE Reserved
- 2010-01-29 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (32)
| URL | Tag | Source |
|---|---|---|
| http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=a3db5806d012082b9e25cc36d09f19cd736a468f | X_refsource_confirm | |
| http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 | X_refsource_confirm | |
| http://ncompress.sourceforge.net/#status | X_refsource_confirm | |
| http://savannah.gnu.org/forum/forum.php?forum_id=6153 | X_refsource_confirm | |
| http://secunia.com/advisories/40551 | Third Party Advisory | |
| http://secunia.com/advisories/40655 | Third Party Advisory | |
| http://secunia.com/advisories/40689 | Third Party Advisory | |
| http://securitytracker.com/id?1023490 | Vdb Entry | |
| http://support.apple.com/kb/HT4435 | X_refsource_confirm |
|
| http://www.osvdb.org/61869 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2010/1796 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2010/1872 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10546 | Signature | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7511 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnu Search vendor "Gnu" | Gzip Search vendor "Gnu" for product "Gzip" | <= 1.3.13 Search vendor "Gnu" for product "Gzip" and version " <= 1.3.13" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gzip Search vendor "Gnu" for product "Gzip" | 1.2.4 Search vendor "Gnu" for product "Gzip" and version "1.2.4" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gzip Search vendor "Gnu" for product "Gzip" | 1.2.4a Search vendor "Gnu" for product "Gzip" and version "1.2.4a" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gzip Search vendor "Gnu" for product "Gzip" | 1.3 Search vendor "Gnu" for product "Gzip" and version "1.3" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gzip Search vendor "Gnu" for product "Gzip" | 1.3.1 Search vendor "Gnu" for product "Gzip" and version "1.3.1" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gzip Search vendor "Gnu" for product "Gzip" | 1.3.2 Search vendor "Gnu" for product "Gzip" and version "1.3.2" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gzip Search vendor "Gnu" for product "Gzip" | 1.3.3 Search vendor "Gnu" for product "Gzip" and version "1.3.3" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gzip Search vendor "Gnu" for product "Gzip" | 1.3.4 Search vendor "Gnu" for product "Gzip" and version "1.3.4" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gzip Search vendor "Gnu" for product "Gzip" | 1.3.5 Search vendor "Gnu" for product "Gzip" and version "1.3.5" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gzip Search vendor "Gnu" for product "Gzip" | 1.3.6 Search vendor "Gnu" for product "Gzip" and version "1.3.6" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gzip Search vendor "Gnu" for product "Gzip" | 1.3.7 Search vendor "Gnu" for product "Gzip" and version "1.3.7" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gzip Search vendor "Gnu" for product "Gzip" | 1.3.8 Search vendor "Gnu" for product "Gzip" and version "1.3.8" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gzip Search vendor "Gnu" for product "Gzip" | 1.3.9 Search vendor "Gnu" for product "Gzip" and version "1.3.9" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gzip Search vendor "Gnu" for product "Gzip" | 1.3.10 Search vendor "Gnu" for product "Gzip" and version "1.3.10" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gzip Search vendor "Gnu" for product "Gzip" | 1.3.11 Search vendor "Gnu" for product "Gzip" and version "1.3.11" | - |
Affected
| ||||||
| Gnu Search vendor "Gnu" | Gzip Search vendor "Gnu" for product "Gzip" | 1.3.12 Search vendor "Gnu" for product "Gzip" and version "1.3.12" | - |
Affected
| ||||||