CVE-2010-0001

Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
Severity
UNKNOWN
AV:N/AC:M/Au:N/C:P/I:P/A:P
Atk. Vector
NETWORK
Atk. Complexity
MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
gnugzip
𝑥
≤ 1.3.13
gnugzip
1.2.4
gnugzip
1.2.4a
gnugzip
1.3
gnugzip
1.3.1
gnugzip
1.3.2
gnugzip
1.3.3
gnugzip
1.3.4
gnugzip
1.3.5
gnugzip
1.3.6
gnugzip
1.3.7
gnugzip
1.3.8
gnugzip
1.3.9
gnugzip
1.3.10
gnugzip
1.3.11
gnugzip
1.3.12
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References