Integer Underflow Vulnerability in Gzip Affecting Various Platforms
CVE-2010-0001

Currently unrated

Key Information:

Vendor

Gnu
Status
Gzip
Vendor
CVE Published:
29 January 2010

What is CVE-2010-0001?

An integer underflow issue exists in the unlzw function in gzipped files prior to version 1.4, particularly affecting 64-bit platforms. This flaw allows an attacker to craft specific LZW-compressed archives that may lead to an application crash or potentially permit the execution of arbitrary code. This vulnerability can compromise application stability and security, making it crucial for users to update their gzip versions and verify file integrity.

References

http://secunia.com/advisories/38220
third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/40655
third-party-advisoryx_refsource_SECUNIA
http://support.apple.com/kb/HT4435
x_refsource_CONFIRM

EPSS Score

38% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2010-0001 : Integer Underflow Vulnerability in Gzip Affecting Various Platforms