FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-1372

This CVE name corresponds to:

Entered Topic
2008-03-20 bzip2 -- crash with certain malformed archive files

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2008-1372
Phase Assigned (20080318)

Description

bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

References

Source Reference
MISC http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
MISC http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/
CONFIRM https://bugs.gentoo.org/attachment.cgi?id=146488&action=view
CONFIRM http://www.bzip.org/CHANGES
FEDORA FEDORA-2008-2970
FEDORA FEDORA-2008-3037
GENTOO GLSA-200804-02
MANDRIVA MDKSA-2008:075
MANDRIVA MDVSA-2008:075
NETBSD NetBSD-SA2008-004
SLACKWARE SSA:2008-098-02
UBUNTU USN-590-1
CERT-VN VU#813451
BID 28286
FRSIRT ADV-2008-0915
SECUNIA 29475
SECUNIA 29410
SECUNIA 29506
SECUNIA 29677
SECUNIA 29698
SECUNIA 29656
SECUNIA 29940
XF bzip2-archives-code-execution(41249)