Integer Underflow Vulnerability in Gzip Affecting Various Platforms
CVE-2010-0001

Currently unrated

Key Information:

Vendor: Gnu
Status: Gzip
Vendor: CVE Published:; 29 January 2010

Summary

An integer underflow issue exists in the unlzw function in gzipped files prior to version 1.4, particularly affecting 64-bit platforms. This flaw allows an attacker to craft specific LZW-compressed archives that may lead to an application crash or potentially permit the execution of arbitrary code. This vulnerability can compromise application stability and security, making it crucial for users to update their gzip versions and verify file integrity.

References

http://secunia.com/advisories/38220

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/40655

third-party-advisoryx_refsource_SECUNIA

http://support.apple.com/kb/HT4435

x_refsource_CONFIRM

EPSS Score

12% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 29, 2010
Vulnerability Reserved
Dec 14, 2009