Vulnerabilities > Bzip > Bzip2 > 1.0.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-06-19 | CVE-2019-12900 | Out-of-bounds Write vulnerability in multiple products BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. | 9.8 |
2014-04-16 | CVE-2011-4089 | Permissions, Privileges, and Access Controls vulnerability in Bzip Bzip2 The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory. | 4.6 |
2008-03-18 | CVE-2008-1372 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Bzip Bzip2 bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats. | 4.3 |
2005-05-19 | CVE-2005-1260 | Resource Exhaustion vulnerability in multiple products bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). | 5.0 |
2005-05-02 | CVE-2005-0953 | Unspecified vulnerability in Bzip Bzip2 Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. | 3.7 |