CVE-2006-4336

Tavis Ormandy discovered that gzip did not sufficiently verify the validity of gzip or compress archives while unpacking By tricking an user or automated system into unpacking a specially crafted compressed file, this could be exploited to execute arbitrary code with the user’s privileges ...

Tavis Ormandy from the Google Security Team discovered several vulnerabilities in gzip, the GNU compression utility The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-4334 A null pointer dereference may lead to denial of service if gzip is used in an automated manner CVE-2006-4335 Missing bou ...