CVE-2006-4334
gzip - arbitrary code execution
EPSS 9.1%
Description
Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference.
How to fix CVE-2006-4334
To remediate CVE-2006-4334, upgrade the affected package to one of the fixed versions below.
- Debian/gzip: upgrade to 1.3.5-15 or later
- Debian/gzip: upgrade to 1.3.5-10sarge2 or later
- Debian/gzip: upgrade to 1.3.5-15+etch1 or later
Is CVE-2006-4334 being exploited?
Moderate: EPSS is 9.1%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (3)
- Debian/gzip: from 0, < 1.3.5-15
- Debian/gzip: from 0, < 1.3.5-10sarge2
- Debian/gzip: from 0, < 1.3.5-15+etch1