Unrated severityNVD Advisory· Published Apr 16, 2014· Updated May 6, 2026

CVE-2011-4089

Description

The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.

Affected products

Bzip/Bzip25 versions
cpe:2.3:a:bzip:bzip2:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:bzip:bzip2:*:*:*:*:*:*:*:*range: <=1.0.4
- cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:bzip:bzip2:1.0.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.ubuntu.com/usn/USN-1308-1nvdPatch
bugs.debian.org/cgi-bin/bugreport.cginvdPatch
www.exploit-db.com/exploits/18147nvdExploit
seclists.org/fulldisclosure/2011/Oct/804nvd
www.openwall.com/lists/oss-security/2011/10/28/16nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000