CVE-2009-2624

Currently unrated

Key Information:

Vendor: Gnu
Status: Gzip
Vendor: CVE Published:; 29 January 2010

Summary

The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression.

References

http://support.apple.com/kb/HT4435

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2010/0185

vdb-entryx_refsource_VUPEN

http://www.ubuntu.com/usn/USN-889-1

vendor-advisoryx_refsource_UBUNTU

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 29, 2010
Vulnerability Reserved
Jul 28, 2009