Vulnerabilities > GNU > Gzip
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-31 | CVE-2022-1271 | Improper Input Validation vulnerability in multiple products An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. | 8.8 |
2010-01-29 | CVE-2009-2624 | Improper Input Validation vulnerability in GNU Gzip The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. | 6.8 |
2005-05-13 | CVE-2005-0758 | zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. | 4.6 |
2005-05-02 | CVE-2005-1228 | Multiple Security vulnerability in Apple Mac OS X Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. | 5.0 |
2005-05-02 | CVE-2005-0988 | Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. | 3.7 |
2005-02-09 | CVE-2004-0970 | Insecure Temporary File Creation vulnerability in GNU Gzip 1.2.4A The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. | 2.1 |
2004-12-06 | CVE-2004-0603 | Unspecified vulnerability in GNU Gzip gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332. | 10.0 |
2003-07-02 | CVE-2003-0367 | Improper Input Validation vulnerability in multiple products znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 2.1 |
2001-11-18 | CVE-2001-1228 | Buffer Overflow vulnerability in GNU Gzip 1.2.4/1.2.4A/1.3 Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server. | 7.5 |