Releases25
Frequency5 months 2 weeks
Last Release
Downloads138M
Bindings to libbzip2 for bzip2 compression and decompression exposed as Reader/Writer streams.

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
< 0.4.47.5 HIGH

The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product.

<= 1.0.69.8 CRITICAL7.5 HIGH

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

= 1.0.66.5 MEDIUM4.3 MEDIUM

Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.