CVE-2010-0001
ncompress - execution of arbitrary code
EPSS 27.1%
Description
Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
How to fix CVE-2010-0001
To remediate CVE-2010-0001, upgrade each affected package to the fixed version listed below.
- Debian/gzip—upgrade to 1.3.12-9 or later
- Debian/ncompress—upgrade to 4.2.4.3-1 or later
- —upgrade to 4.2.4.2-1+lenny1 or later
Is CVE-2010-0001 being exploited?
Moderate: EPSS is 27.1%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (3)
- from 0, < 1.3.12-9
- from 0, < 4.2.4.3-1
- from 0, < 4.2.4.2-1+lenny1