Search for packages
Package details: pkg:deb/debian/bzip2@1.0.5-1%2Blenny1
purl pkg:deb/debian/bzip2@1.0.5-1%2Blenny1
Next non-vulnerable version 1.0.6-9.2~deb10u1
Latest non-vulnerable version 1.0.6-9.2~deb10u1
Risk 8.2
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-8urm-9ubj-aaac
Aliases:
CVE-2019-12900
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
1.0.6-9
Affected by 1 other vulnerability.
1.0.6-9.2~deb10u1
Affected by 0 other vulnerabilities.
VCID-an3m-4v53-aaaa
Aliases:
CVE-2011-4089
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.
1.0.6-4
Affected by 2 other vulnerabilities.
VCID-ftyp-se1c-aaab
Aliases:
CVE-2016-3189
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
1.0.6-8.1
Affected by 1 other vulnerability.
VCID-pvq7-umur-aaag
Aliases:
CVE-2010-0405
Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
1.0.5-6+squeeze1
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-hvhn-38c6-aaad bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats. CVE-2008-1372

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T18:01:00.387041+00:00 Debian Oval Importer Fixing VCID-hvhn-38c6-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:18:11.792010+00:00 Debian Oval Importer Affected by VCID-pvq7-umur-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:55:13.406121+00:00 Debian Oval Importer Affected by VCID-an3m-4v53-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:21:35.891339+00:00 Debian Oval Importer Affected by VCID-8urm-9ubj-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:33:59.095214+00:00 Debian Oval Importer Affected by VCID-ftyp-se1c-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T01:07:02.439661+00:00 Debian Oval Importer Affected by VCID-8urm-9ubj-aaac None 36.1.3
2025-06-20T22:24:41.169933+00:00 Debian Oval Importer Affected by VCID-an3m-4v53-aaaa None 36.1.3
2025-06-20T22:16:48.179171+00:00 Debian Oval Importer Affected by VCID-pvq7-umur-aaag None 36.1.3
2025-06-20T22:00:41.815098+00:00 Debian Oval Importer Affected by VCID-ftyp-se1c-aaab None 36.1.3
2025-06-20T20:22:18.201954+00:00 Debian Oval Importer Fixing VCID-hvhn-38c6-aaad None 36.1.3
2025-06-08T13:16:44.580659+00:00 Debian Oval Importer Affected by VCID-an3m-4v53-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:32:42.381977+00:00 Debian Oval Importer Fixing VCID-hvhn-38c6-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:12:04.428890+00:00 Debian Oval Importer Affected by VCID-pvq7-umur-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:48:40.613523+00:00 Debian Oval Importer Affected by VCID-an3m-4v53-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:14:42.883519+00:00 Debian Oval Importer Affected by VCID-8urm-9ubj-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:28:02.538324+00:00 Debian Oval Importer Affected by VCID-ftyp-se1c-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-07T18:29:38.476498+00:00 Debian Oval Importer Affected by VCID-8urm-9ubj-aaac None 36.1.0
2025-06-07T15:48:55.881229+00:00 Debian Oval Importer Affected by VCID-an3m-4v53-aaaa None 36.1.0
2025-06-07T15:40:50.232574+00:00 Debian Oval Importer Affected by VCID-pvq7-umur-aaag None 36.1.0
2025-06-07T15:24:16.095184+00:00 Debian Oval Importer Affected by VCID-ftyp-se1c-aaab None 36.1.0
2025-06-07T13:58:19.385325+00:00 Debian Oval Importer Fixing VCID-hvhn-38c6-aaad None 36.1.0
2025-04-12T21:52:54.599864+00:00 Debian Oval Importer Affected by VCID-8urm-9ubj-aaac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T21:47:12.628873+00:00 Debian Oval Importer Affected by VCID-ftyp-se1c-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T21:12:09.937631+00:00 Debian Oval Importer Fixing VCID-hvhn-38c6-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:29:57.751418+00:00 Debian Oval Importer Affected by VCID-pvq7-umur-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:04:42.398362+00:00 Debian Oval Importer Affected by VCID-an3m-4v53-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:14:04.017504+00:00 Debian Oval Importer Fixing VCID-hvhn-38c6-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:44:00.924585+00:00 Debian Oval Importer Affected by VCID-pvq7-umur-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:21:08.044996+00:00 Debian Oval Importer Affected by VCID-an3m-4v53-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:47:16.693666+00:00 Debian Oval Importer Affected by VCID-8urm-9ubj-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:00:21.323146+00:00 Debian Oval Importer Affected by VCID-ftyp-se1c-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T17:07:18.209295+00:00 Debian Oval Importer Affected by VCID-8urm-9ubj-aaac None 36.0.0
2025-04-07T14:19:44.225159+00:00 Debian Oval Importer Affected by VCID-an3m-4v53-aaaa None 36.0.0
2025-04-07T14:11:42.747162+00:00 Debian Oval Importer Affected by VCID-pvq7-umur-aaag None 36.0.0
2025-04-07T13:55:34.081978+00:00 Debian Oval Importer Affected by VCID-ftyp-se1c-aaab None 36.0.0
2025-04-07T12:32:51.383169+00:00 Debian Oval Importer Fixing VCID-hvhn-38c6-aaad None 36.0.0
2024-11-28T13:48:23.594704+00:00 Debian Oval Importer Affected by VCID-an3m-4v53-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-27T14:07:25.111550+00:00 Debian Oval Importer Affected by VCID-pvq7-umur-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-26T13:38:42.730896+00:00 Debian Oval Importer Fixing VCID-hvhn-38c6-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-10-14T00:37:00.452691+00:00 Debian Oval Importer Affected by VCID-an3m-4v53-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T08:18:24.605235+00:00 Debian Oval Importer Affected by VCID-pvq7-umur-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-12T15:39:34.772415+00:00 Debian Oval Importer Fixing VCID-hvhn-38c6-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-09-21T04:23:30.377544+00:00 Debian Oval Importer Affected by VCID-an3m-4v53-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-20T21:38:36.072597+00:00 Debian Oval Importer Affected by VCID-pvq7-umur-aaag https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-20T15:51:10.227596+00:00 Debian Oval Importer Fixing VCID-hvhn-38c6-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1