Search for packages
| purl | pkg:deb/debian/gzip@1.3.12-9%2Bsqueeze1 |
| Next non-vulnerable version | 1.10-4+deb11u1 |
| Latest non-vulnerable version | 1.10-4+deb11u1 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-zgc5-nzyz-aaan
Aliases: CVE-2022-1271 |
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1jzu-evut-aaaj | Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error. |
CVE-2010-0001
|
| VCID-kzvy-qy9e-aaah | The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression. |
CVE-2009-2624
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T15:01:39.112597+00:00 | Debian Oval Importer | Fixing | VCID-1jzu-evut-aaaj | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:44:10.475568+00:00 | Debian Oval Importer | Affected by | VCID-zgc5-nzyz-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:24:39.279094+00:00 | Debian Oval Importer | Fixing | VCID-kzvy-qy9e-aaah | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-20T23:59:56.822591+00:00 | Debian Oval Importer | Fixing | VCID-kzvy-qy9e-aaah | None | 36.1.3 |
| 2025-06-20T22:52:43.198343+00:00 | Debian Oval Importer | Fixing | VCID-1jzu-evut-aaaj | None | 36.1.3 |
| 2025-06-20T20:32:33.955883+00:00 | Debian Oval Importer | Affected by | VCID-zgc5-nzyz-aaan | None | 36.1.3 |
| 2025-06-08T11:51:24.565012+00:00 | Debian Oval Importer | Fixing | VCID-1jzu-evut-aaaj | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T07:55:02.030884+00:00 | Debian Oval Importer | Fixing | VCID-1jzu-evut-aaaj | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:38:20.947873+00:00 | Debian Oval Importer | Affected by | VCID-zgc5-nzyz-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:18:48.339071+00:00 | Debian Oval Importer | Fixing | VCID-kzvy-qy9e-aaah | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-07T17:22:50.678891+00:00 | Debian Oval Importer | Fixing | VCID-kzvy-qy9e-aaah | None | 36.1.0 |
| 2025-06-07T16:16:03.523839+00:00 | Debian Oval Importer | Fixing | VCID-1jzu-evut-aaaj | None | 36.1.0 |
| 2025-06-07T14:05:41.268046+00:00 | Debian Oval Importer | Affected by | VCID-zgc5-nzyz-aaan | None | 36.1.0 |
| 2025-04-12T21:51:51.881894+00:00 | Debian Oval Importer | Affected by | VCID-zgc5-nzyz-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:44:12.519184+00:00 | Debian Oval Importer | Fixing | VCID-kzvy-qy9e-aaah | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T17:36:25.784819+00:00 | Debian Oval Importer | Fixing | VCID-1jzu-evut-aaaj | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-08T06:27:27.646273+00:00 | Debian Oval Importer | Fixing | VCID-1jzu-evut-aaaj | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:10:47.253280+00:00 | Debian Oval Importer | Affected by | VCID-zgc5-nzyz-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:51:05.960665+00:00 | Debian Oval Importer | Fixing | VCID-kzvy-qy9e-aaah | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-07T15:56:59.460206+00:00 | Debian Oval Importer | Fixing | VCID-kzvy-qy9e-aaah | None | 36.0.0 |
| 2025-04-07T14:47:34.119127+00:00 | Debian Oval Importer | Fixing | VCID-1jzu-evut-aaaj | None | 36.0.0 |
| 2025-04-07T12:39:30.637999+00:00 | Debian Oval Importer | Affected by | VCID-zgc5-nzyz-aaan | None | 36.0.0 |
| 2024-11-27T13:04:34.133834+00:00 | Debian Oval Importer | Fixing | VCID-1jzu-evut-aaaj | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
| 2024-11-27T05:50:43.439843+00:00 | Debian Oval Importer | Fixing | VCID-kzvy-qy9e-aaah | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
| 2024-10-13T07:33:56.468873+00:00 | Debian Oval Importer | Fixing | VCID-1jzu-evut-aaaj | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
| 2024-10-13T02:32:23.724120+00:00 | Debian Oval Importer | Fixing | VCID-kzvy-qy9e-aaah | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
| 2024-09-20T21:21:58.645407+00:00 | Debian Oval Importer | Fixing | VCID-1jzu-evut-aaaj | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |
| 2024-09-20T19:33:49.542880+00:00 | Debian Oval Importer | Fixing | VCID-kzvy-qy9e-aaah | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |