{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72128?format=json","vulnerability_id":"VCID-wbym-cf79-rfd3","summary":"Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a \"stack modification vulnerability.\"","aliases":[{"alias":"CVE-2006-4335"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5344?format=json","purl":"pkg:deb/debian/gzip@1.3.5-15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-u3sv-pcka-gfea"},{"vulnerability":"VCID-vg3a-h2pv-xqab"},{"vulnerability":"VCID-yep2-pmhw-bkgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gzip@1.3.5-15"},{"url":"http://public2.vulnerablecode.io/api/packages/98243?format=json","purl":"pkg:deb/debian/gzip@1.3.5-15?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gzip@1.3.5-15%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98232?format=json","purl":"pkg:deb/debian/gzip@1.10-4%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gzip@1.10-4%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98230?format=json","purl":"pkg:deb/debian/gzip@1.12-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gzip@1.12-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/98233?format=json","purl":"pkg:deb/debian/gzip@1.13-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gzip@1.13-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/192714?format=json","purl":"pkg:ebuild/app-arch/gzip@1.3.5-r9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-arch/gzip@1.3.5-r9"},{"url":"http://public2.vulnerablecode.io/api/packages/505889?format=json","purl":"pkg:ebuild/app-arch/lha@114i-r6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-arch/lha@114i-r6"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5339?format=json","purl":"pkg:deb/debian/gzip@1.2.4-27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22yj-um9m-8bfa"},{"vulnerability":"VCID-353d-d1cj-5ka9"},{"vulnerability":"VCID-9ehy-my4r-qbbe"},{"vulnerability":"VCID-9jab-xz6n-g3h6"},{"vulnerability":"VCID-ahfm-5k5y-zqa6"},{"vulnerability":"VCID-jq8f-p32j-pqbh"},{"vulnerability":"VCID-nxe3-44cq-2ybe"},{"vulnerability":"VCID-psqw-be2n-ufcn"},{"vulnerability":"VCID-u3sv-pcka-gfea"},{"vulnerability":"VCID-up3n-ccgt-c3e7"},{"vulnerability":"VCID-vb2n-e9k4-kfat"},{"vulnerability":"VCID-vg3a-h2pv-xqab"},{"vulnerability":"VCID-wbym-cf79-rfd3"},{"vulnerability":"VCID-yep2-pmhw-bkgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gzip@1.2.4-27"},{"url":"http://public2.vulnerablecode.io/api/packages/5340?format=json","purl":"pkg:deb/debian/gzip@1.2.4-28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22yj-um9m-8bfa"},{"vulnerability":"VCID-353d-d1cj-5ka9"},{"vulnerability":"VCID-9ehy-my4r-qbbe"},{"vulnerability":"VCID-9jab-xz6n-g3h6"},{"vulnerability":"VCID-ahfm-5k5y-zqa6"},{"vulnerability":"VCID-jq8f-p32j-pqbh"},{"vulnerability":"VCID-nxe3-44cq-2ybe"},{"vulnerability":"VCID-psqw-be2n-ufcn"},{"vulnerability":"VCID-u3sv-pcka-gfea"},{"vulnerability":"VCID-up3n-ccgt-c3e7"},{"vulnerability":"VCID-vb2n-e9k4-kfat"},{"vulnerability":"VCID-vg3a-h2pv-xqab"},{"vulnerability":"VCID-wbym-cf79-rfd3"},{"vulnerability":"VCID-yep2-pmhw-bkgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gzip@1.2.4-28"},{"url":"http://public2.vulnerablecode.io/api/packages/5341?format=json","purl":"pkg:deb/debian/gzip@1.2.4-33.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22yj-um9m-8bfa"},{"vulnerability":"VCID-353d-d1cj-5ka9"},{"vulnerability":"VCID-9ehy-my4r-qbbe"},{"vulnerability":"VCID-9jab-xz6n-g3h6"},{"vulnerability":"VCID-ahfm-5k5y-zqa6"},{"vulnerability":"VCID-jq8f-p32j-pqbh"},{"vulnerability":"VCID-nxe3-44cq-2ybe"},{"vulnerability":"VCID-psqw-be2n-ufcn"},{"vulnerability":"VCID-u3sv-pcka-gfea"},{"vulnerability":"VCID-up3n-ccgt-c3e7"},{"vulnerability":"VCID-vb2n-e9k4-kfat"},{"vulnerability":"VCID-vg3a-h2pv-xqab"},{"vulnerability":"VCID-wbym-cf79-rfd3"},{"vulnerability":"VCID-yep2-pmhw-bkgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gzip@1.2.4-33.1"},{"url":"http://public2.vulnerablecode.io/api/packages/5342?format=json","purl":"pkg:deb/debian/gzip@1.3.2-3woody3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22yj-um9m-8bfa"},{"vulnerability":"VCID-353d-d1cj-5ka9"},{"vulnerability":"VCID-9ehy-my4r-qbbe"},{"vulnerability":"VCID-9jab-xz6n-g3h6"},{"vulnerability":"VCID-ahfm-5k5y-zqa6"},{"vulnerability":"VCID-jq8f-p32j-pqbh"},{"vulnerability":"VCID-nxe3-44cq-2ybe"},{"vulnerability":"VCID-psqw-be2n-ufcn"},{"vulnerability":"VCID-u3sv-pcka-gfea"},{"vulnerability":"VCID-up3n-ccgt-c3e7"},{"vulnerability":"VCID-vb2n-e9k4-kfat"},{"vulnerability":"VCID-vg3a-h2pv-xqab"},{"vulnerability":"VCID-wbym-cf79-rfd3"},{"vulnerability":"VCID-yep2-pmhw-bkgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gzip@1.3.2-3woody3"},{"url":"http://public2.vulnerablecode.io/api/packages/5343?format=json","purl":"pkg:deb/debian/gzip@1.3.5-10sarge2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9ehy-my4r-qbbe"},{"vulnerability":"VCID-9jab-xz6n-g3h6"},{"vulnerability":"VCID-psqw-be2n-ufcn"},{"vulnerability":"VCID-u3sv-pcka-gfea"},{"vulnerability":"VCID-up3n-ccgt-c3e7"},{"vulnerability":"VCID-vg3a-h2pv-xqab"},{"vulnerability":"VCID-wbym-cf79-rfd3"},{"vulnerability":"VCID-yep2-pmhw-bkgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gzip@1.3.5-10sarge2"},{"url":"http://public2.vulnerablecode.io/api/packages/187205?format=json","purl":"pkg:rpm/redhat/gzip@1.3.3-13?arch=rhel3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9ehy-my4r-qbbe"},{"vulnerability":"VCID-9jab-xz6n-g3h6"},{"vulnerability":"VCID-psqw-be2n-ufcn"},{"vulnerability":"VCID-up3n-ccgt-c3e7"},{"vulnerability":"VCID-wbym-cf79-rfd3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/gzip@1.3.3-13%3Farch=rhel3"},{"url":"http://public2.vulnerablecode.io/api/packages/187204?format=json","purl":"pkg:rpm/redhat/gzip@1.3.3-16?arch=rhel4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9ehy-my4r-qbbe"},{"vulnerability":"VCID-9jab-xz6n-g3h6"},{"vulnerability":"VCID-psqw-be2n-ufcn"},{"vulnerability":"VCID-up3n-ccgt-c3e7"},{"vulnerability":"VCID-wbym-cf79-rfd3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/gzip@1.3.3-16%3Farch=rhel4"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-4335.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-4335.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-4335","reference_id":"","reference_type":"","scores":[{"value":"0.03561","scoring_system":"epss","scoring_elements":"0.87914","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03561","scoring_system":"epss","scoring_elements":"0.87935","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03561","scoring_system":"epss","scoring_elements":"0.87939","published_at":"2026-06-06T12:55:00Z"},{"value":"0.03561","scoring_system":"epss","scoring_elements":"0.87938","published_at":"2026-06-07T12:55:00Z"},{"value":"0.03561","scoring_system":"epss","scoring_elements":"0.8794","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-4335"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=220595","reference_id":"220595","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=220595"},{"reference_url":"https://security.gentoo.org/glsa/200609-13","reference_id":"GLSA-200609-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200609-13"},{"reference_url":"https://security.gentoo.org/glsa/200611-24","reference_id":"GLSA-200611-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200611-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2006:0667","reference_id":"RHSA-2006:0667","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2006:0667"},{"reference_url":"https://usn.ubuntu.com/349-1/","reference_id":"USN-349-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/349-1/"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":"0.5","weighted_severity":"0.0","risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wbym-cf79-rfd3"}