CVE History
| CVE | Affected | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|---|
| < 0.4.4 | 7.5 HIGH | — | ||
The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product. | ||||
| <= 1.0.6 | 9.8 CRITICAL | 7.5 HIGH | ||
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. | ||||
| = 1.0.6 | 6.5 MEDIUM | 4.3 MEDIUM | ||
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. | ||||
| = 1.0, <= 1.0.4, = 1.0.3, = 1.0.2, = 1.0.1 | — | 4.6 MEDIUM | ||
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory. | ||||