Gnu Gzip
11 CVEs affecting Gnu Gzip. Latest disclosed: 2022-08-31. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-1271 | High | 8.8 | 2022-08-31 | An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted f… |
CVE-2010-0001 | | 2010-01-29 | Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to… | |
CVE-2009-2624 | | 2010-01-29 | The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a deni… | |
CVE-2005-0758 | | 2005-05-13 | zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a… | |
CVE-2005-1228 | | 2005-05-02 | Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the… | |
CVE-2005-0988 | | 2005-05-02 | Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard lin… | |
CVE-2004-0970 | | 2005-02-09 | The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a sy… | |
CVE-2004-0603 | | 2004-12-06 | gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attack… | |
CVE-2004-1349 | | 2004-10-04 | gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which all… | |
CVE-2003-0367 | | 2003-07-02 | znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |
CVE-2001-1228 | | 2001-11-18 | Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP… |