Vulnerabilities > GNU > Gzip > 1.2.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-31 | CVE-2022-1271 | Improper Input Validation vulnerability in multiple products An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. | 8.8 |
| 2010-01-29 | CVE-2009-2624 | Improper Input Validation vulnerability in GNU Gzip The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. | 6.8 |
| 2005-05-13 | CVE-2005-0758 | zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. | 4.6 |
| 2005-05-02 | CVE-2005-1228 | Multiple Security vulnerability in Apple Mac OS X Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. | 5.0 |
| 2005-05-02 | CVE-2005-0988 | Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. | 3.7 |
| 2004-12-06 | CVE-2004-0603 | Unspecified vulnerability in GNU Gzip gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332. | 10.0 |
| 2003-07-02 | CVE-2003-0367 | Improper Input Validation vulnerability in multiple products znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 2.1 |
| 2001-11-18 | CVE-2001-1228 | Buffer Overflow vulnerability in GNU Gzip 1.2.4/1.2.4A/1.3 Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server. | 7.5 |