Every CVE whose affected-product data names Bzip Bzip2, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2019-12900 — CVSS 9.8 (critical): BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
CVE-2016-3189 — CVSS 6.5 (medium): Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted…
CVE-2010-0405 — CVSS 5.1 (medium): Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to…
CVE-2002-0759 — CVSS 5.0 (medium): bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag…
CVE-2005-1260 — CVSS 5.0 (medium): bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop…
CVE-2011-4089 — CVSS 4.6 (medium): The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during…
CVE-2008-1372 — CVSS 4.3 (medium): bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a…
CVE-2005-0953 — CVSS 3.7 (low): Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file…
CVE-2002-0761 — CVSS 2.1 (low): bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links…
CVE-2002-0760 — CVSS 1.2 (low): Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems…