Gzip

This hub aggregates every CVE we track for Gzip, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Gzip.

• CVE-2022-1271An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attac...8.8Aug 31, 2022
• CVE-2009-2624The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or in...6.8Jan 29, 2010
• CVE-2010-0001Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (applicatio...6.8Jan 29, 2010
• CVE-2006-4335Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of ...7.5Sep 19, 2006
• CVE-2006-4338unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive.5.0Sep 19, 2006
• CVE-2006-4337Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive.7.5Sep 19, 2006
• CVE-2006-4334Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference.5.0Sep 19, 2006
• CVE-2006-4336Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative i...7.5Sep 19, 2006
• CVE-2005-0758zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.4.6May 13, 2005
• CVE-2005-1228Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed ...5.0Apr 22, 2005
• CVE-2005-0988Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being d...3.7Apr 6, 2005
• CVE-2004-1349gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify thes...2.1Jan 19, 2005
• CVE-2004-0970The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE...2.1Oct 20, 2004
• CVE-2004-0603gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrar...10.0Jun 30, 2004
• CVE-2003-0367znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.2.1Jun 10, 2003