Org.apache.commons:commons-compress

This hub aggregates every CVE we track for Org.apache.commons:commons-compress, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 11 most recently published vulnerabilities affecting Org.apache.commons:commons-compress.

• CVE-2024-25710Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file8.1Feb 19, 2024
• CVE-2024-26308Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file5.5Feb 19, 2024
• CVE-2023-42503Apache Commons Compress: Denial of service via CPU consumption for malformed TAR file5.5Sep 14, 2023
• CVE-2021-36090Apache Commons Compress 1.0 to 1.20 denial of service vulnerability7.5Jul 13, 2021
• CVE-2021-35517Apache Commons Compress 1.1 to 1.20 denial of service vulnerability7.5Jul 13, 2021
• CVE-2021-35516Apache Commons Compress 1.6 to 1.20 denial of service vulnerability7.5Jul 13, 2021
• CVE-2021-35515Apache Commons Compress 1.6 to 1.20 denial of service vulnerability7.5Jul 13, 2021
• CVE-2019-12402The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service...7.5Aug 29, 2019
• CVE-2018-11771When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the strea...5.5Aug 16, 2018
• CVE-2018-1324A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to...5.5Mar 16, 2018
• CVE-2012-2098Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a d...5.0Jun 29, 2012