FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bzip2 -- crash with certain malformed archive files

Affected packages
bzip2 < 1.0.5

Details

VuXML ID 063399fc-f6d6-11dc-bcee-001c2514716c
Discovery 2008-03-18
Entry 2008-03-20

SecurityFocus reports:

The 'bzip2' application is prone to a remote file-handling vulnerability because the application fails to properly handle malformed files.

Exploit attempts likely result in application crashes.

References

Bugtraq ID 28286
CVE Name CVE-2008-1372
URL http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/
URL https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html