CVE-2010-0001
29.01.2010, 18:30
Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.Enginsight
Vendor | Product | Version |
---|---|---|
gnu | gzip | 𝑥 ≤ 1.3.13 |
gnu | gzip | 1.2.4 |
gnu | gzip | 1.2.4a |
gnu | gzip | 1.3 |
gnu | gzip | 1.3.1 |
gnu | gzip | 1.3.2 |
gnu | gzip | 1.3.3 |
gnu | gzip | 1.3.4 |
gnu | gzip | 1.3.5 |
gnu | gzip | 1.3.6 |
gnu | gzip | 1.3.7 |
gnu | gzip | 1.3.8 |
gnu | gzip | 1.3.9 |
gnu | gzip | 1.3.10 |
gnu | gzip | 1.3.11 |
gnu | gzip | 1.3.12 |
𝑥
= Vulnerable software versions

Debian Releases
Debian Product | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
busybox |
| ||||||||||
gzip |
| ||||||||||
klibc |
| ||||||||||
ncompress |
| ||||||||||
pristine-tar |
|

Ubuntu Releases
Common Weakness Enumeration
References