CVE-2010-0405
bzip2 - integer overflow
EPSS 7.7%
Description
Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
How to fix CVE-2010-0405
To remediate CVE-2010-0405, upgrade the affected package to one of the fixed versions listed below.
- Debian/bzip2: upgrade to 1.0.5-6 or later
- Debian/bzip2: upgrade to 1.0.5-1+lenny1 or later
- Debian/clamav: upgrade to 0.96.3+dfsg-1 or later
Is CVE-2010-0405 being exploited?
Moderate — EPSS is 7.7%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (3)
- Debian/bzip2: from 0, < 1.0.5-6
- Debian/bzip2: from 0, < 1.0.5-1+lenny1
- Debian/clamav: from 0, < 0.96.3+dfsg-1