
CVE-2008-1372

Published: 18/03/2008 Updated: 11/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 385
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats. The CVSS vector (C:N/I:N/A:P) reflects crash-only impact: no confidentiality or integrity loss is claimed. The fix shipped in bzip2 1.0.5 (see the bzip.org CHANGES entry under References); because the defect is in the library, any application linked against an older libbz2 is exposed, not only the bzip2 command-line tool.
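The summary describes the bug class (CWE-119, a buffer over-read driven by a crafted input file) but not the shape of the defect. The C below is an added illustration written for this page, not code from bzip2's bzlib.c: it models a bzip2-style decoder that walks a table of back-pointers taken from the compressed stream, and shows the unchecked read beside the bounds-checked form that stops it. The field names (tt, tPos, nblock), the table layout and the two sample tables are constructed assumptions, not values from any real .bz2 file.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Added illustration of the CVE-2008-1372 bug class; this is NOT bzlib.c.
 * Model (an assumption for this page): a bzip2-style decoder undoes the
 * block transform by following a table tt[] with one 32-bit entry per byte
 * of the block.  The low 8 bits of an entry are the output byte; the upper
 * 24 bits are the index of the next entry to visit.  Both the table contents
 * and the start index are decoded from the compressed stream, so an
 * attacker who crafts the file controls every index that is read.
 */

typedef struct {
    const uint32_t *tt;     /* decoded table, nblock entries (attacker-derived) */
    uint32_t        nblock; /* number of entries actually allocated */
    uint32_t        tPos;   /* current position, initially the stream's start index */
} Decoder;

/* Vulnerable pattern: each index comes straight out of the table and is used
 * to index the table again with no check against nblock.  A crafted entry
 * whose upper 24 bits exceed nblock makes tt[tPos] read outside the buffer
 * (CWE-119 buffer over-read); with an index far out of range the process
 * typically crashes, which is the DoS the advisory describes. */
static int walk_unchecked(Decoder *s, uint8_t *out, size_t outlen)
{
    for (size_t i = 0; i < outlen; i++) {
        s->tPos = s->tt[s->tPos];          /* no bounds check on tPos */
        out[i]  = (uint8_t)(s->tPos & 0xff);
        s->tPos >>= 8;
    }
    return 0;
}

/* Hardened pattern: validate the index before every dereference and fail the
 * block as a data error instead of reading past the allocation. */
static int walk_checked(Decoder *s, uint8_t *out, size_t outlen)
{
    for (size_t i = 0; i < outlen; i++) {
        if (s->tPos >= s->nblock)
            return -1;                     /* reject the block, do not over-read */
        s->tPos = s->tt[s->tPos];
        out[i]  = (uint8_t)(s->tPos & 0xff);
        s->tPos >>= 8;
    }
    return 0;
}

/* Constructed sample tables (not taken from any real .bz2 file).
 * Entry layout: (next_index << 8) | output_byte. */
static const uint32_t GOOD_TT[3] = {
    (1u << 8) | 'a', (2u << 8) | 'b', (0u << 8) | 'c'    /* 0 -> 1 -> 2 -> 0 */
};
static const uint32_t BAD_TT[3] = {
    (1u << 8) | 'a', (5000u << 8) | 'b', (0u << 8) | 'c' /* entry 1 points at 5000 */
};

/* Returns 1 if the checked walker decodes the well-formed table to "abc". */
int good_table_decodes(void)
{
    uint8_t out[3] = {0};
    Decoder s = { GOOD_TT, 3, 0 };
    return walk_checked(&s, out, 3) == 0 && memcmp(out, "abc", 3) == 0;
}

/* Returns 1 if the unchecked walker behaves identically on well-formed input:
 * the bug is invisible on good data, which is why a fuzzed archive suite
 * (PROTOS GENOME) was what surfaced it. */
int unchecked_matches_on_good_input(void)
{
    uint8_t out[3] = {0};
    Decoder s = { GOOD_TT, 3, 0 };
    return walk_unchecked(&s, out, 3) == 0 && memcmp(out, "abc", 3) == 0;
}

/* Returns 1 if the checked walker rejects the crafted table: after emitting
 * "ab" it sees tPos == 5000 >= nblock and stops.  walk_unchecked is
 * deliberately never run on BAD_TT here; doing so would be the over-read. */
int crafted_table_rejected(void)
{
    uint8_t out[3] = {0};
    Decoder s = { BAD_TT, 3, 0 };
    return walk_checked(&s, out, 3) == -1 && memcmp(out, "ab", 2) == 0;
}

int main(void)
{
    printf("good table decodes:        %d\n", good_table_decodes());
    printf("unchecked ok on good data: %d\n", unchecked_matches_on_good_input());
    printf("crafted table rejected:    %d\n", crafted_table_rejected());
    return 0;
}
```

The point of the side-by-side is that the two walkers are indistinguishable on valid input; only a bound on the attacker-controlled position, checked before each dereference, separates a data error from an out-of-bounds read. When auditing any decoder that follows indices taken from the input, look for exactly this missing comparison against the allocated size.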

Vulnerable Products

bzip bzip2 0.9
bzip bzip2 0.9_a
bzip bzip2 0.9_b
bzip bzip2 0.9_c
bzip bzip2 0.9.5a
bzip bzip2 0.9.5b
bzip bzip2 0.9.5c
bzip bzip2 0.9.5d
bzip bzip2 1.0
bzip bzip2 1.0.1
bzip bzip2 1.0.2
bzip bzip2 1.0.3

Note: this enumeration stops at 1.0.3, but the summary above covers every release before 1.0.5, so 1.0.4 should be treated as affected as well.

Vendor Advisories

Red Hat (RHSA-2008:0893): Synopsis: Moderate: bzip2 security update. Type/Severity: Security Advisory: Moderate. Topic: Updated bzip2 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team ...

Debian Bug report logs - #471670 bzip2: CVE-2008-1372 buffer over-read via crafted archive file. Package: bzip2; Maintainer for bzip2 is Anibal Monsalve Salazar <anibal@debian.org>; Source for bzip2 is src:bzip2 (PTS, buildd, popcon). Reported by: Nico Golde <nion@debian.org>. Date: Wed, 19 Mar 2008 13:30:01 UTC. Severi ...

Ubuntu (USN-590-1): It was discovered that bzip2 did not correctly handle certain malformed archives. If a user or automated system were tricked into processing a specially crafted bzip2 archive, applications linked against libbz2 could be made to crash, possibly leading to a denial of service ...

References

CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
https://bugs.gentoo.org/attachment.cgi?id=146488&action=view
http://www.kb.cert.org/vuls/id/813451
http://www.securityfocus.com/bid/28286
http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/
http://www.bzip.org/CHANGES
http://www.mandriva.com/security/advisories?name=MDVSA-2008:075
http://secunia.com/advisories/29475
http://secunia.com/advisories/29410
http://secunia.com/advisories/29506
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473263
http://secunia.com/advisories/29677
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00165.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00225.html
http://secunia.com/advisories/29698
http://www.gentoo.org/security/en/glsa/glsa-200804-02.xml
http://secunia.com/advisories/29656
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
http://secunia.com/advisories/29940
http://secunia.com/advisories/31204
http://www.ipcop.org/index.php?name=News&file=article&sid=40
http://secunia.com/advisories/31869
http://www.redhat.com/support/errata/RHSA-2008-0893.html
http://secunia.com/advisories/31878
http://sunsolve.sun.com/search/document.do?assetkey=1-26-241786-1
http://www.securitytracker.com/id?1020867
http://kb.vmware.com/kb/1007504
http://kb.vmware.com/kb/1006982
http://kb.vmware.com/kb/1007198
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0118
http://security.gentoo.org/glsa/glsa-200903-40.xml
http://secunia.com/advisories/29497
http://support.apple.com/kb/HT3757
http://secunia.com/advisories/36096
http://www.vupen.com/english/advisories/2009/2172
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
http://www.us-cert.gov/cas/techalerts/TA09-218A.html
http://www.vupen.com/english/advisories/2008/0915
http://www.vupen.com/english/advisories/2008/2557
https://exchange.xforce.ibmcloud.com/vulnerabilities/41249
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6467
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10067
https://usn.ubuntu.com/590-1/
http://www.securityfocus.com/archive/1/498863/100/0/threaded
http://www.securityfocus.com/archive/1/489968/100/0/threaded
https://access.redhat.com/errata/RHSA-2008:0893
https://nvd.nist.gov