Every CVE whose affected-product data names Gnu Gzip, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2004-0603 — CVSS 10.0 (critical): gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could…
CVE-2022-1271 — CVSS 8.8 (high): An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for…
CVE-2001-1228 — CVSS 7.5 (high): Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if…
CVE-2026-41992 — CVSS 7.5 (high): GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state…
CVE-2009-2624 — CVSS 6.8 (medium): The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote…
CVE-2010-0001 — CVSS 6.8 (medium): Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows…
CVE-2005-1228 — CVSS 5.0 (medium): Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a…
CVE-2026-41991 — CVSS 4.7 (medium): GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not…
CVE-2005-0758 — CVSS 4.6 (medium): zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that…
CVE-2005-0988 — CVSS 3.7 (low): Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary…
CVE-2004-0970 — CVSS 2.1 (low): The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to…
CVE-2003-0367 — CVSS 2.1 (low): znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2004-1349 — CVSS 2.1 (low): gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the…