Bzip

bzip

11 CVEs • 2 products

Products (2)

Click to collapse

Toggle

Compress Raw Bzip2

compress-raw-bzip2

CVEs (11)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-12900 6Bzip CanonicalDebian+3 more 6Bzip2 Debian LinuxFreebsd+3 more Jun 9, 2025 Jun 19, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
CVE-2016-3189 2Bzip Python 2Bzip2 Python May 6, 2026 Jun 30, 2016 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
CVE-2011-4089 1Bzip 1Bzip2 May 6, 2026 Apr 16, 2014 N/A· v4 N/A· v3 4.6 MEDIUM· v2 The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary d...Show more The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.Show less
CVE-2010-0405 2Bzip Libzip2 2Bzip2 Libzip2 Apr 29, 2026 Sep 28, 2010 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code vi...Show more Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.Show less
CVE-2009-1884 1Bzip 1Compress Raw Bzip2 Apr 23, 2026 Aug 19, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip...Show more Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391.Show less
CVE-2008-1372 1Bzip 1Bzip2 Apr 23, 2026 Mar 18, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Fo...Show more bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.Show less
CVE-2005-1260 4Apple BzipCanonical+1 more 4Bzip2 Debian LinuxMac Os X+1 more Apr 16, 2026 May 19, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").
CVE-2005-0953 1Bzip 1Bzip2 Apr 16, 2026 May 2, 2005 N/A· v4 N/A· v3 3.7 LOW· v2 Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the deco...Show more Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.Show less
CVE-2002-0761 1Bzip 1Bzip2 Apr 16, 2026 Aug 12, 2002 N/A· v4 N/A· v3 2.1 LOW· v2 bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be...Show more bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.Show less
CVE-2002-0760 1Bzip 1Bzip2 Apr 16, 2026 Aug 12, 2002 N/A· v4 N/A· v3 1.2 LOW· v2 Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is...Show more Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.Show less
CVE-2002-0759 1Bzip 1Bzip2 Apr 16, 2026 Aug 12, 2002 N/A· v4 N/A· v3 5.0 MEDIUM· v2 bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing fi...Show more bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.Show less