CyberSec.Space Logo
Back to CVE Browser

CVE-2002-0759

MEDIUM
5.0
CVSS Severity Score
EPSS Score0.0140%
EPSS Percentile3.58th
PublishedAug 12, 2002
Last ModifiedApr 16, 2026

Vulnerability Description

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.

Affected Platforms (CPE)

πŸ“¦
Bzip

Bzip2

= 0.9.0
πŸ“¦
Bzip

Bzip2

= 0.9.0a
πŸ“¦
Bzip

Bzip2

= 0.9.0b
πŸ“¦
Bzip

Bzip2

= 0.9.0c
πŸ“¦
Bzip

Bzip2

= 0.9.5a
πŸ“¦
Bzip

Bzip2

= 0.9.5b
πŸ“¦
Bzip

Bzip2

= 0.9.5c
πŸ“¦
Bzip

Bzip2

= 0.9.5d
πŸ“¦
Bzip

Bzip2

= 1.0
πŸ“¦
Bzip

Bzip2

= 1.0.1

References & Advisories

πŸ”— ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt
πŸ”— ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
πŸ”— http://www.iss.net/security_center/static/9126.php
πŸ”— http://www.securityfocus.com/bid/4774
πŸ”— ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt
πŸ”— ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
πŸ”— http://www.iss.net/security_center/static/9126.php
πŸ”— http://www.securityfocus.com/bid/4774

Related Vulnerabilities

CVE-2007-633710.0

Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact an...

CVE-2016-43369.8

An exploitable out-of-bounds write exists in the Bzip2 parsing of the Lexmark Perspective Document Filters conversion functionalit...

CVE-2019-129009.8

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

CVE-2007-14617.8

The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safe...