bzip2 Off-by-One Error in bzip2recover Utility Leading to Memory Corruption and Denial-of-Service

Vulnerability

A vulnerability exists in bzip2 versions prior to 1.0.9, specifically within the bzip2recover utility. The issue arises from an off-by-one error that allows for an out-of-bounds write to a global buffer when the application processes specially crafted files. This memory corruption causes a crash, creating a denial-of-service condition.
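The bug class described above, as an added example (not bzip2's source and not part of the original advisory): a global table whose bounds check uses `>` where `>=` is needed. All names and the table size are hypothetical, and a guard slot stands in for the adjacent memory so the stray write can be observed safely.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_BLOCKS 4           /* hypothetical logical capacity of the table */
#define GUARD 0xA5A5A5A5u      /* marker standing in for adjacent global data */

/* Global table with one extra guard slot, so the off-by-one write stays
   inside the allocation and is observable without undefined behaviour. */
static uint32_t block_start[MAX_BLOCKS + 1];

static void reset_table(void) {
    memset(block_start, 0, sizeof block_start);
    block_start[MAX_BLOCKS] = GUARD;
}

/* Off-by-one: '>' lets idx == MAX_BLOCKS through, one past the last slot. */
static int record_block_buggy(size_t idx, uint32_t off) {
    if (idx > MAX_BLOCKS) return -1;
    block_start[idx] = off;
    return 0;
}

/* Correct: valid indices are 0 .. MAX_BLOCKS - 1. */
static int record_block_fixed(size_t idx, uint32_t off) {
    if (idx >= MAX_BLOCKS) return -1;
    block_start[idx] = off;
    return 0;
}

/* Record n constructed block offsets; return 1 if the guard was overwritten. */
int guard_clobbered(int (*record)(size_t, uint32_t), size_t n) {
    reset_table();
    for (size_t i = 0; i < n; i++)
        if (record(i, (uint32_t)(i + 1) * 100u) != 0)
            break;             /* table full: stop instead of writing further */
    return block_start[MAX_BLOCKS] != GUARD;
}

int main(void) {
    /* Constructed input: one more block than the table can hold. */
    printf("buggy check clobbers guard: %d\n",
           guard_clobbered(record_block_buggy, MAX_BLOCKS + 1));
    printf("fixed check clobbers guard: %d\n",
           guard_clobbered(record_block_fixed, MAX_BLOCKS + 1));
    return 0;
}
```

Without the guard slot, the same write would land in whatever global follows the table, which is the memory corruption the advisory describes.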

Impact

Exploitation of this vulnerability results in memory corruption, causing the application to crash and leading to a denial-of-service condition.

Remediation

Users can upgrade to bzip2 version 1.0.9 or later to address this vulnerability.

Added: May 28, 2026, 3:28 PM
Updated: May 28, 2026, 3:28 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 1.3
exploitability: 4.7
remediation: 7.7
relevance: 9.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.