CVE-2010-0405 (retired)

Priority
Description
Integer overflow in the BZ2_decompress function in decompress.c in bzip2
and libbzip2 before 1.0.6 allows context-dependent attackers to cause a
denial of service (application crash) or possibly execute arbitrary code
via a crafted compressed file.
Notes
 jdstrand> dump and dpkg use a statically linked bzip2 so simply need to be
  recompiled
Assigned-to
jdstrand
Package
Source: bzip2 (LP Ubuntu Debian)
Upstream: released (1.0.6)
Package
Upstream: needs-triage
Package
Source: dpkg (LP Ubuntu Debian)
Upstream: not-affected
Package
Source: dump (LP Ubuntu Debian)
Upstream: not-affected
Updated: 2019-03-26 11:50:36 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)