Vulnerability Description
Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
CVSS Score
5.1 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bzip | Bzip2 | <= 1.0.5 |
| Libzip2 | Libzip2 | <= 1.0.5 |
Related Weaknesses (CWE)
References
- http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow
- http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bh
- http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.h
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.h
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
- http://marc.info/?l=oss-security&m=128506868510655&w=2
- http://secunia.com/advisories/41452 (Vendor Advisory)
- http://secunia.com/advisories/41505
- http://secunia.com/advisories/42350
- http://secunia.com/advisories/42404
- http://secunia.com/advisories/42405
- http://secunia.com/advisories/42529
- http://secunia.com/advisories/42530
- http://secunia.com/advisories/48378
FAQ
What is CVE-2010-0405?
CVE-2010-0405 is a vulnerability with a CVSS score of 5.1 (MEDIUM). Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
How severe is CVE-2010-0405?
CVE-2010-0405 has been rated MEDIUM with a CVSS base score of 5.1/10. See the CVSS Score section above.
Is there a patch for CVE-2010-0405?
Check the references section above for vendor advisories and patch information; the description states that versions before 1.0.6 are affected, so 1.0.6 and later contain the fix. Affected products include Bzip Bzip2 and Libzip2 Libzip2 (versions 1.0.5 and earlier).