CVE-2009-2624

Description

The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression.

How to fix CVE-2009-2624

To remediate CVE-2009-2624, upgrade the affected package to a fixed version below.

• Debian/gzip—upgrade to 1.3.12-8 or later

Is CVE-2009-2624 being exploited?

Moderate — EPSS is 7.3%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 1.3.12-8

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2009-2624