CVE-2010-0405

Priority
Description
Integer overflow in the BZ2_decompress function in decompress.c in bzip2
and libbzip2 before 1.0.6 allows context-dependent attackers to cause a
denial of service (application crash) or possibly execute arbitrary code
via a crafted compressed file.
Notes
 jdstrand> dump and dpkg use a statically linked bzip2 so simply need to be
  recompiled
Assigned-to
jdstrand
Package
Source: bzip2 (LP Ubuntu Debian)
Upstream: released (1.0.6)
Package
Upstream: needs-triage
Package
Source: dpkg (LP Ubuntu Debian)
Upstream: not-affected
Package
Source: dump (LP Ubuntu Debian)
Upstream: not-affected

Updated: 2019-01-14 21:51:34 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)