FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2010-0405

This CVE name corresponds to:

Entered: 2010-10-25
Topic: bzip2 -- integer overflow vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2010-0405
Phase: Assigned (20100127)

Description

Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.

References

Source Reference
BUGTRAQ 20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console
MLIST [oss-security] 20100921 bzip2 CVE-2010-0405 integer overflow
CONFIRM http://www.bzip.org/
CONFIRM http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=627882
CONFIRM http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96.3
CONFIRM https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230
CONFIRM https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231
CONFIRM http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow
CONFIRM http://www.vmware.com/security/advisories/VMSA-2010-0019.html
CONFIRM http://support.apple.com/kb/HT4581
APPLE APPLE-SA-2011-03-21-1
FEDORA FEDORA-2010-17439
FEDORA FEDORA-2010-1512
GENTOO GLSA-201301-05
REDHAT RHSA-2010:0703
REDHAT RHSA-2010:0858
SUSE SUSE-SR:2010:018
UBUNTU USN-986-1
UBUNTU USN-986-2
UBUNTU USN-986-3
SECUNIA 41452
SECUNIA 41505
SECUNIA 42350
SECUNIA 42404
SECUNIA 42405
SECUNIA 42529
SECUNIA 42530
SECUNIA 48378
VUPEN ADV-2010-2455
VUPEN ADV-2010-3043
VUPEN ADV-2010-3052
VUPEN ADV-2010-3073
VUPEN ADV-2010-3126
VUPEN ADV-2010-3127