MidnightBSD

Advisories for bzip

CVE-2002-0759 MEDIUM

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
bzip bzip2 0.9.0a
bzip bzip2 1.0.1
bzip bzip2 0.9.0
bzip bzip2 0.9.5d
bzip bzip2 0.9.5a
bzip bzip2 0.9.5b
bzip bzip2 0.9.0b
bzip bzip2 1.0
bzip bzip2 0.9.5c
bzip bzip2 0.9.0c
CVE-2002-0760 LOW

Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
bzip bzip2 0.9.0a
bzip bzip2 1.0.1
bzip bzip2 0.9.0
bzip bzip2 0.9.5d
bzip bzip2 0.9.5a
bzip bzip2 0.9.5b
bzip bzip2 0.9.0b
bzip bzip2 1.0
bzip bzip2 0.9.5c
bzip bzip2 0.9.0c
CVE-2002-0761 LOW

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
bzip bzip2 0.9.0a
bzip bzip2 1.0.1
bzip bzip2 0.9.0
bzip bzip2 0.9.5d
bzip bzip2 0.9.5a
bzip bzip2 0.9.5b
bzip bzip2 0.9.0b
bzip bzip2 1.0
bzip bzip2 0.9.5c
bzip bzip2 0.9.0c
CVE-2005-0953 LOW

Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
bzip bzip2 0.9_b
bzip bzip2 1.0.1
bzip bzip2 0.9.5_a
bzip bzip2 1.0.2
bzip bzip2 0.9_a
bzip bzip2 1.0
bzip bzip2 0.9.5_b
bzip bzip2 0.9.5_d
bzip bzip2 0.9
bzip bzip2 0.9_c
bzip bzip2 0.9.5_c
CVE-2005-1260 MEDIUM

bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
canonical ubuntu_linux 4.10
debian debian_linux 3.0
apple mac_os_x *
debian debian_linux 3.1
canonical ubuntu_linux 5.04
bzip bzip2 *
CVE-2009-1884 MEDIUM

Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
bzip compress-raw-bzip2 2.0.03
bzip compress-raw-bzip2 2.015
bzip compress-raw-bzip2 2.0.05
bzip compress-raw-bzip2 2.0.06
bzip compress-raw-bzip2 2.011
bzip compress-raw-bzip2 2.0.00_12
bzip compress-raw-bzip2 2.0.01
bzip compress-raw-bzip2 2.014
bzip compress-raw-bzip2 2.0.02
bzip compress-raw-bzip2 2.0.00_10
bzip compress-raw-bzip2 2.012
bzip compress-raw-bzip2 2.0.08
bzip compress-raw-bzip2 2.010
bzip compress-raw-bzip2 *
bzip compress-raw-bzip2 2.0.00_14
bzip compress-raw-bzip2 2.0.09
CVE-2010-0405 MEDIUM

Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
bzip bzip2 0.9.0a
bzip bzip2 1.0.1
bzip bzip2 0.9.5a
bzip bzip2 0.9.0b
bzip bzip2 0.9.5_b
bzip bzip2 0.9.5c
bzip bzip2 0.9
bzip bzip2 0.9_c
bzip bzip2 0.9.0c
bzip bzip2 1.0.4
bzip bzip2 *
bzip bzip2 0.9.5_c
bzip bzip2 1.0.3
bzip bzip2 0.9_b
bzip bzip2 0.9.0
bzip bzip2 0.9.5d
bzip bzip2 0.9.5_a
bzip bzip2 0.9.5b
bzip bzip2 1.0.2
bzip bzip2 0.9_a
bzip bzip2 1.0
bzip bzip2 0.9.5_d
libzip2 libzip2 *
CVE-2016-3189 MEDIUM

Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,CWE-416,

Products Affected

Vendor Product Version
python python *
bzip bzip2 1.0.6
CVE-2019-12900 HIGH

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
opensuse leap 15.1
freebsd freebsd 11.2
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
python python *
canonical ubuntu_linux 19.04
bzip bzip2 *
freebsd freebsd 12.0
opensuse leap 15.0
freebsd freebsd 11.3
canonical ubuntu_linux 12.04
debian debian_linux 8.0