Unrated severity · NVD Advisory · Published Sep 28, 2010 · Updated Apr 29, 2026
CVE-2010-0405
Description
Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
Affected products
- cpe:2.3:a:bzip:bzip2:*:*:*:*:*:*:*:* (range: <=1.0.5)
- cpe:2.3:a:bzip:bzip2:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9.0a:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9.0b:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9.0c:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9.5_a:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9.5a:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9.5_b:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9.5b:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9.5_c:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9.5c:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9.5_d:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9.5d:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9_a:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9_b:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:0.9_c:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:1.0.4:*:*:*:*:*:*:*
References
- secunia.com/advisories/41452 (nvd, Vendor Advisory)
- blogs.sun.com/security/entry/cve_2010_0405_integer_overflow (nvd)
- lists.apple.com/archives/security-announce/2011/Mar/msg00006.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html (nvd)
- marc.info (nvd)
- secunia.com/advisories/41505 (nvd)
- secunia.com/advisories/42350 (nvd)
- secunia.com/advisories/42404 (nvd)
- secunia.com/advisories/42405 (nvd)
- secunia.com/advisories/42529 (nvd)
- secunia.com/advisories/42530 (nvd)
- secunia.com/advisories/48378 (nvd)
- security.gentoo.org/glsa/glsa-201301-05.xml (nvd)
- support.apple.com/kb/HT4581 (nvd)
- www.bzip.org (nvd)
- www.redhat.com/support/errata/RHSA-2010-0703.html (nvd)
- www.redhat.com/support/errata/RHSA-2010-0858.html (nvd)
- www.securityfocus.com/archive/1/515055/100/0/threaded (nvd)
- www.ubuntu.com/usn/USN-986-2 (nvd)
- www.ubuntu.com/usn/USN-986-3 (nvd)
- www.ubuntu.com/usn/usn-986-1 (nvd)
- www.vmware.com/security/advisories/VMSA-2010-0019.html (nvd)
- www.vupen.com/english/advisories/2010/2455 (nvd)
- www.vupen.com/english/advisories/2010/3043 (nvd)
- www.vupen.com/english/advisories/2010/3052 (nvd)
- www.vupen.com/english/advisories/2010/3073 (nvd)
- www.vupen.com/english/advisories/2010/3126 (nvd)
- www.vupen.com/english/advisories/2010/3127 (nvd)
- xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/ (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)
- wwws.clamav.net/bugzilla/show_bug.cgi (nvd)
- wwws.clamav.net/bugzilla/show_bug.cgi (nvd)