CVE-2005-1260

Published: 19/05/2005 Updated: 13/11/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

bzip2 allows remote malicious users to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a. "decompression bomb").

Vulnerable Product

bzip bzip2

canonical ubuntu linux 4.10

canonical ubuntu linux 5.04

debian debian linux 3.0

debian debian linux 3.1

apple mac os x

Vendor Advisories

Synopsis: bzip2 security update. Type/Severity: Security Advisory: Low. Topic: Updated bzip2 packages that fix multiple issues are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. [Updated 13 February 2006] Replacement bzip2 packages for Red Hat Enterpris ...

Imran Ghory discovered a race condition in the file permission restore code of bunzip2. While a user was decompressing a file, a local attacker with write permissions in the directory of that file could replace the target file with a hard link. This would cause bzip2 to restore the file permissions to the hard link target instead of to the bzip2 ou ...