CVE-2006-4335

Publication date 19 September 2006

Last updated 24 July 2024

Ubuntu priority

Unknown

Why this priority?

Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a “stack modification vulnerability.”

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
gzip 9.10 karmic
Fixed 1.3.5-14ubuntu1
9.04 jaunty
Fixed 1.3.5-14ubuntu1
8.10 intrepid
Fixed 1.3.5-14ubuntu1
8.04 LTS hardy
Fixed 1.3.5-14ubuntu1
7.10 gutsy
Fixed 1.3.5-14ubuntu1
7.04 feisty
Fixed 1.3.5-14ubuntu1
6.10 edgy
Fixed 1.3.5-14ubuntu1
6.06 LTS dapper
Fixed 1.3.5-12ubuntu0.1
lha 9.10 karmic
Fixed 1.14i-10.1
9.04 jaunty
Fixed 1.14i-10.1
8.10 intrepid
Fixed 1.14i-10.1
8.04 LTS hardy
Fixed 1.14i-10.1
7.10 gutsy
Fixed 1.14i-10.1
7.04 feisty
Fixed 1.14i-10.1
6.10 edgy Ignored end of life, was needed
6.06 LTS dapper Ignored end of life

References

Related Ubuntu Security Notices (USN)

    • USN-349-1
    • gzip vulnerabilities
    • 20 September 2006

Other references