CyberSec.Space Logo
Back to CVE Browser

CVE-2019-12900

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1800%
EPSS Percentile4.34th
PublishedJun 19, 2019
Last ModifiedJun 9, 2025

Vulnerability Description

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

Affected Platforms (CPE)

πŸ“¦
Bzip

Bzip2

<= 1.0.6
πŸ’»
Debian

Debian Linux

= 8.0
πŸ’»
Opensuse

Leap

= 15.0
πŸ’»
Opensuse

Leap

= 15.1
πŸ’»
Canonical

Ubuntu Linux

= 12.04
πŸ’»
Canonical

Ubuntu Linux

= 14.04
πŸ’»
Canonical

Ubuntu Linux

= 16.04
πŸ’»
Canonical

Ubuntu Linux

= 18.04
πŸ’»
Canonical

Ubuntu Linux

= 19.04
πŸ’»
Freebsd

Freebsd

= 11.2
πŸ’»
Freebsd

Freebsd

= 11.2
πŸ’»
Freebsd

Freebsd

= 11.2
πŸ’»
Freebsd

Freebsd

= 11.2
πŸ’»
Freebsd

Freebsd

= 11.2
πŸ’»
Freebsd

Freebsd

= 11.2
πŸ’»
Freebsd

Freebsd

= 11.2
πŸ’»
Freebsd

Freebsd

= 11.2
πŸ’»
Freebsd

Freebsd

= 11.2
πŸ’»
Freebsd

Freebsd

= 11.2
πŸ’»
Freebsd

Freebsd

= 11.2
πŸ’»
Freebsd

Freebsd

= 11.2
πŸ’»
Freebsd

Freebsd

= 11.2
πŸ’»
Freebsd

Freebsd

= 11.3
πŸ’»
Freebsd

Freebsd

= 11.3
πŸ’»
Freebsd

Freebsd

= 12.0
πŸ’»
Freebsd

Freebsd

= 12.0
πŸ’»
Freebsd

Freebsd

= 12.0
πŸ’»
Freebsd

Freebsd

= 12.0
πŸ’»
Freebsd

Freebsd

= 12.0
πŸ’»
Freebsd

Freebsd

= 12.0
πŸ’»
Freebsd

Freebsd

= 12.0
πŸ’»
Freebsd

Freebsd

= 12.0
πŸ’»
Freebsd

Freebsd

= 12.0
πŸ“¦
Python

Python

>= 3.7.0 and < 3.7.13
πŸ“¦
Python

Python

>= 3.8.0 and < 3.8.13
πŸ“¦
Python

Python

>= 3.9.0 and < 3.9.11
πŸ“¦
Python

Python

>= 3.10.0 and < 3.10.3

References & Advisories

πŸ”— http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html
πŸ”— http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html
πŸ”— http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html
πŸ”— https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
πŸ”— https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E

Related Vulnerabilities

CVE-2007-633710.0

Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact an...

CVE-2016-43369.8

An exploitable out-of-bounds write exists in the Bzip2 parsing of the Lexmark Perspective Document Filters conversion functionalit...

CVE-2007-14617.8

The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safe...

CVE-2021-371367.5

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects th...