Published: 28/09/2010 Updated: 07/11/2023

CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9

VMScore: 454

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 prior to 1.0.6 allows context-dependent malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bzip bzip2 1.0
bzip bzip2 0.9.5_a
bzip bzip2 0.9.5_d
bzip bzip2 0.9.5_c
bzip bzip2 0.9_a
bzip bzip2 0.9.5d
bzip bzip2 0.9.0a
bzip bzip2 0.9.0
bzip bzip2 0.9_c
bzip bzip2 1.0.3
bzip bzip2 1.0.2
bzip bzip2 0.9.5a
bzip bzip2 0.9.5b
libzip2 libzip2
bzip bzip2 0.9.0c
bzip bzip2 0.9
bzip bzip2 1.0.1
bzip bzip2 0.9.5c
bzip bzip2 0.9_b
bzip bzip2 0.9.5_b
bzip bzip2 1.0.4
bzip bzip2 0.9.0b
bzip bzip2

Synopsis Important: bzip2 security update Type/Severity Security Advisory: Important Topic Updated bzip2 packages that fix one security issue are now available forRed Hat Enterprise Linux 3, 4, and 5The Red Hat Security Response Team has rated this update as havingimportant security impact A Common Vulner ...

dpkg could be made to run programs as your login if it opened a specially crafted file ...

bzip2 could be made to run programs as your login if it opened a specially crafted file ...

ClamAV could be made to run programs as your login if it opened a specially crafted file ...

CWE-189 http://www.ubuntu.com/usn/USN-986-3 https://bugzilla.redhat.com/show_bug.cgi?id=627882 http://secunia.com/advisories/41452 http://secunia.com/advisories/41505 http://www.redhat.com/support/errata/RHSA-2010-0703.html http://marc.info/?l=oss-security&m=128506868510655&w=2 http://www.bzip.org/http://www.ubuntu.com/usn/USN-986-2 http://www.ubuntu.com/usn/usn-986-1 http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230 https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231 http://www.vupen.com/english/advisories/2010/2455 http://secunia.com/advisories/42350 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html http://secunia.com/advisories/42404 http://secunia.com/advisories/42405 http://www.redhat.com/support/errata/RHSA-2010-0858.html http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://www.vupen.com/english/advisories/2010/3043 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html http://www.vupen.com/english/advisories/2010/3052 http://secunia.com/advisories/42530 http://www.vupen.com/english/advisories/2010/3126 http://www.vupen.com/english/advisories/2010/3127 http://www.vupen.com/english/advisories/2010/3073 http://www.vmware.com/security/advisories/VMSA-2010-0019.html http://secunia.com/advisories/42529 http://support.apple.com/kb/HT4581 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://secunia.com/advisories/48378 http://security.gentoo.org/glsa/glsa-201301-05.xml http://www.securityfocus.com/archive/1/515055/100/0/threaded http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96.3 https://access.redhat.com/errata/RHSA-2010:0703 https://nvd.nist.gov https://usn.ubuntu.com/986-3/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-0405

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect