bzip 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk memory corruption and バッファオーバーフロー に関連することが多く、自動展開、アーカイブ処理, and ファイル処理 の文脈で アプリケーションクラッシュ and vendor impact memory corruption などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2019-12900 | BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. | [email protected] | 9.8 | 1.13% | 2019-06-19 | 2025-06-09 |
| CVE-2016-3189 | Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. | [email protected] | 6.5 | 23.71% | 2016-06-30 | 2026-05-06 |
| CVE-2011-4089 | The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory. | [email protected] | 4.6 | 0.22% | 2014-04-16 | 2026-05-06 |
| CVE-2010-0405 | Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file. | [email protected] | 5.1 | 7.69% | 2010-09-28 | 2026-04-29 |
| CVE-2009-1884 | Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391. | [email protected] | 4.3 | 1.26% | 2009-08-19 | 2026-04-23 |
| CVE-2008-1372 | bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats. | [email protected] | 4.3 | 7.74% | 2008-03-18 | 2026-04-23 |
| CVE-2005-1260 | bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). | [email protected] | 5.0 | 9.80% | 2005-05-19 | 2026-04-16 |
| CVE-2005-0953 | Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. | [email protected] | 3.7 | 0.09% | 2005-05-02 | 2026-04-16 |
| CVE-2002-0761 | bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended. | [email protected] | 2.1 | 0.16% | 2002-08-12 | 2026-04-16 |
| CVE-2002-0760 | Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed. | [email protected] | 1.2 | 0.06% | 2002-08-12 | 2026-04-16 |
| CVE-2002-0759 | bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive. | [email protected] | 5.0 | 0.83% | 2002-08-12 | 2026-04-16 |