debian · CVE-2026-9669

Quick triage

Priority: not yet assigned 公開: Updated: Mon, 13 Jul 2026 06:39:44 GMT

参照: Official debian advisory, NVD, CVE.org · CVE 詳細

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2026-9669 not yet assigned priority: Debian including 4 source packages (python3.11, python3.13, python3.14, python3.9), 7 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5, open 2.

Description:

bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data.

cvelogic Threat Intelligence