CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-12900

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1800%
EPSS Percentile4.34th
Published2019年6月19日
Last Modified2025年6月9日

Vulnerability Description

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

Affected Platforms (CPE)

📦
Bzip

Bzip2

<= 1.0.6
💻
Debian

Debian Linux

= 8.0
💻
Opensuse

Leap

= 15.0
💻
Opensuse

Leap

= 15.1
💻
Canonical

Ubuntu Linux

= 12.04
💻
Canonical

Ubuntu Linux

= 14.04
💻
Canonical

Ubuntu Linux

= 16.04
💻
Canonical

Ubuntu Linux

= 18.04
💻
Canonical

Ubuntu Linux

= 19.04
💻
Freebsd

Freebsd

= 11.2
💻
Freebsd

Freebsd

= 11.2
💻
Freebsd

Freebsd

= 11.2
💻
Freebsd

Freebsd

= 11.2
💻
Freebsd

Freebsd

= 11.2
💻
Freebsd

Freebsd

= 11.2
💻
Freebsd

Freebsd

= 11.2
💻
Freebsd

Freebsd

= 11.2
💻
Freebsd

Freebsd

= 11.2
💻
Freebsd

Freebsd

= 11.2
💻
Freebsd

Freebsd

= 11.2
💻
Freebsd

Freebsd

= 11.2
💻
Freebsd

Freebsd

= 11.2
💻
Freebsd

Freebsd

= 11.3
💻
Freebsd

Freebsd

= 11.3
💻
Freebsd

Freebsd

= 12.0
💻
Freebsd

Freebsd

= 12.0
💻
Freebsd

Freebsd

= 12.0
💻
Freebsd

Freebsd

= 12.0
💻
Freebsd

Freebsd

= 12.0
💻
Freebsd

Freebsd

= 12.0
💻
Freebsd

Freebsd

= 12.0
💻
Freebsd

Freebsd

= 12.0
💻
Freebsd

Freebsd

= 12.0
📦
Python

Python

>= 3.7.0 and < 3.7.13
📦
Python

Python

>= 3.8.0 and < 3.8.13
📦
Python

Python

>= 3.9.0 and < 3.9.11
📦
Python

Python

>= 3.10.0 and < 3.10.3

References & Advisories

🔗 http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html
🔗 http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html
🔗 http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html
🔗 https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
🔗 https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E

関連する脆弱性情報

CVE-2007-633710.0

Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact an...

CVE-2016-43369.8

An exploitable out-of-bounds write exists in the Bzip2 parsing of the Lexmark Perspective Document Filters conversion functionalit...

CVE-2007-14617.8

The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safe...

CVE-2021-371367.5

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects th...