RSS   Vulnerabilities for 'GZIP'   RSS

2010-01-29
 
CVE-2010-0001

 

 
Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.

 
 
CVE-2009-2624

CWE-20
 

 
The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression.

 
2005-05-02
 
CVE-2005-1228

 

 
Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.

 
 
CVE-2005-0988

 

 
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.

 
2005-05-13
 
CVE-2005-0758

 

 
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.

 
2005-02-09
 
CVE-2004-0970

 

 
The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.

 
2004-12-06
 
CVE-2004-0603

 

 
gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332.

 
2003-07-02
 
CVE-2003-0367

CWE-20
 

 
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.

 
2001-11-18
 
CVE-2001-1228

 

 
Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server.

 

 >>> Vendor: GNU 108 Products
INET
LIBC
Fingerd
Radius
WGET
BASH
Finger service
Gnumeric
GCC
MAKE
Emacs
Glibc
CVS
Mailman
Userv
Groff
Cfengine
Global
Privacy guard
ED
G++
Findutils
GZIP
TAR
Xemacs
Enscript
ZLIB
Sharutils
Chess
Fileutils
Flash player
GV
Screen
Data display debugger
Zebra
LSH
Libtool
Anubis
Libtasn1
FLIM
Aspell
Queue
Ksymoops
Gnats
Gettext
Mailutils
A2PS
Realtime linux security module
LESS
Gnubiff
Gnutls
Punbb
GIMP
Coreutils
CPIO
GDB
Phpbook
Texinfo
Gnump3d
Libextractor
Binutils
Libtool-ltdl
Gpgme
Gnumail
Iceweasel
Tramp
Libcdio
M4
SCCS
Grub legacy
ADNS
Ibackup
Escript
Classpath
Gnu screen
Automake
Grub 2
NANO
Gnash
Gnu patch
Eglibc
Libiberty
GREP
Libmicrohttpd
RUSH
GRUB
Readline
Patch
Parallel
Libidn
Grub2
Guile
OSIP
Gnutls libtasn1
Libssp
Ncurses
PSPP
Guixsd
Recutils
Libredwg
See all Products for Vendor GNU


Copyright 2024, cxsecurity.com

 

Back to Top