CVE-2008-1372
EPSS 7.7%
Description
bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
How to fix CVE-2008-1372
To remediate CVE-2008-1372, upgrade the affected package to a fixed version below.
- Debian/bzip2—upgrade to 1.0.5-0.1 or later
Is CVE-2008-1372 being exploited?
Moderate — EPSS is 7.7%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 1.0.5-0.1