Releases2
Frequency9 months 2 weeks
Last Release
A npm package of a bunzip implementation in pure javascript

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
< 0.4.47.5 HIGH

The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product.

<= 1.0.69.8 CRITICAL7.5 HIGH

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

= 1.0.66.5 MEDIUM4.3 MEDIUM

Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.

= 1.0, <= 1.0.4, = 1.0.3, = 1.0.2, = 1.0.14.6 MEDIUM

The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.