iczelia/bzip3

iczelia/bzip3

Releases24

Frequency1 month 3 weeks

Last Release 10 months ago

Stars1.21K

A better and stronger spiritual successor to BZip2.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-29415 ↗	Apr 6, 2023Thursday, 6 April 2023, 05:15	6.5 MEDIUM	—
An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais.
CVE-2023-29416 ↗	Apr 6, 2023Thursday, 6 April 2023, 05:15	6.5 MEDIUM	—
An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3_decode_block out-of-bounds write can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais.
CVE-2023-29417 ↗	Apr 6, 2023Thursday, 6 April 2023, 05:15	6.5 MEDIUM	—
An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3_decompress out-of-bounds read in certain situations where buffers passed to bzip3 do not contain enough space to be filled with decompressed data. NOTE: the vendor's perspective is that the observed behavior can only occur for a contract violation, and thus the report is invalid.
CVE-2023-29418 ↗	Apr 6, 2023Thursday, 6 April 2023, 05:15	6.5 MEDIUM	—
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an xwrite out-of-bounds read.
CVE-2023-29419 ↗	Apr 6, 2023Thursday, 6 April 2023, 05:15	6.5 MEDIUM	—
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3_decode_block out-of-bounds read.
CVE-2023-29420 ↗	Apr 6, 2023Thursday, 6 April 2023, 05:15	6.5 MEDIUM	—
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a crash caused by an invalid memmove in bz3_decode_block.
CVE-2023-29421 ↗	Apr 6, 2023Thursday, 6 April 2023, 05:15	8.8 HIGH	—
An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an out-of-bounds write in bz3_decode_block.