CVE-2010-0405

Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.

Published: Sep 28, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-0405
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P

CWEs:

CWE-189

Affected Software
References

Software	From	Fixed in
bzip / bzip2	1.0	1.0.x
bzip / bzip2	0.9.5_a	0.9.5_a.x
bzip / bzip2	0.9.5_d	0.9.5_d.x
bzip / bzip2	0.9.5_c	0.9.5_c.x
bzip / bzip2	0.9_a	0.9_a.x
bzip / bzip2	0.9.5d	0.9.5d.x
bzip / bzip2	0.9.0a	0.9.0a.x
bzip / bzip2	0.9.0	0.9.0.x
bzip / bzip2	0.9_c	0.9_c.x
bzip / bzip2	1.0.3	1.0.3.x
bzip / bzip2	1.0.2	1.0.2.x
bzip / bzip2	0.9.5a	0.9.5a.x
bzip / bzip2	0.9.5b	0.9.5b.x
libzip2 / libzip2	-	1.0.5.x
bzip / bzip2	0.9.0c	0.9.0c.x
bzip / bzip2	0.9	0.9.x
bzip / bzip2	1.0.1	1.0.1.x
bzip / bzip2	0.9.5c	0.9.5c.x
bzip / bzip2	0.9_b	0.9_b.x
bzip / bzip2	0.9.5_b	0.9.5_b.x
bzip / bzip2	1.0.4	1.0.4.x
bzip / bzip2	0.9.0b	0.9.0b.x
bzip / bzip2	-	1.0.5.x

Vulnerability Database

289,599

CVE-2010-0405