CVE-2006-4337

Debian Bug report logs - #401301 lha: LHa Multiple Vulnerabilities Package: lha; Maintainer for lha is (unknown); Reported by: Stefan Fritsch <sf@sfritschde> Date: Sat, 2 Dec 2006 13:03:11 UTC Severity: grave Tags: security Found in version lha/114i-10 Fixed in version 114i-101 Done: Moritz Muehlenhoff <jmm@inuti ...

Tavis Ormandy discovered that gzip did not sufficiently verify the validity of gzip or compress archives while unpacking By tricking an user or automated system into unpacking a specially crafted compressed file, this could be exploited to execute arbitrary code with the user’s privileges ...

Tavis Ormandy from the Google Security Team discovered several vulnerabilities in gzip, the GNU compression utility The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-4334 A null pointer dereference may lead to denial of service if gzip is used in an automated manner CVE-2006-4335 Missing bou ...