CVE-2010-0001 - Githubissues

mkbenwal / dracolinux

Automatically exported from code.google.com/p/dracolinux

1 stars 0 forks source link

CVE-2010-0001 #19

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit 
platforms, as used in *ncompress* and probably others, allows remote attackers 
to cause a denial of service (application crash) or possibly execute arbitrary 
code via a crafted archive that uses LZW compression, leading to an array index 
error.

Original issue reported on code.google.com by ole.andr...@gmail.com on 20 Aug 2010 at 7:34

GoogleCodeExporter commented 9 years ago

http://www.debian.org/security/2010/dsa-2074

http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=a3db5806d012082b9e25cc36d09
f19cd736a468f

Original comment by ole.andr...@gmail.com on 20 Aug 2010 at 11:31

GoogleCodeExporter commented 9 years ago

The 0.3 branch is soon EOL, no time to fix this issue. Sorry.

Original comment by off...@symbiosis.cc on 4 Aug 2011 at 10:51

Changed state: WontFix