Bzip : Security Vulnerabilities, CVEs, CVSS score >= 5
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
Max CVSS
9.8
EPSS Score
1.75%
Published
2019-06-19
Updated
2022-06-27
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
Max CVSS
6.5
EPSS Score
3.57%
Published
2016-06-30
Updated
2022-08-16
Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
Max CVSS
5.1
EPSS Score
2.72%
Published
2010-09-28
Updated
2018-10-10
bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").
Max CVSS
5.0
EPSS Score
2.03%
Published
2005-05-19
Updated
2020-11-13
bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.
Max CVSS
5.0
EPSS Score
0.16%
Published
2002-08-12
Updated
2008-09-05
5 vulnerabilities found