Gzip
by GNU
Source repositories
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41992 | 0.00 | — | — | Jun 30, 2026 | GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and… | |||
| CVE-2022-1271 | 0.00 | — | 0.04 | Aug 31, 2022 | An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to… | |||
| CVE-2010-0001 | 0.00 | — | 0.05 | Jan 29, 2010 | Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW… | |||
| CVE-2009-2624 | 0.00 | — | 0.04 | Jan 29, 2010 | The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this… | |||
| CVE-2005-0758 | 0.00 | — | 0.01 | May 13, 2005 | zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. | |||
| CVE-2005-0988 | 0.00 | — | 0.01 | May 2, 2005 | Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is… | |||
| CVE-2005-1228 | 0.00 | — | 0.04 | May 2, 2005 | Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. | |||
| CVE-2004-0970 | 0.00 | — | 0.00 | Feb 9, 2005 | The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367. | |||
| CVE-2004-0603 | 0.00 | — | 0.03 | Dec 6, 2004 | gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332. | |||
| CVE-2004-1349 | 0.00 | — | 0.01 | Oct 4, 2004 | gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files. | |||
| CVE-2003-0367 | 0.00 | — | 0.00 | Jul 2, 2003 | znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||
| CVE-2001-1228 | 0.00 | — | 0.03 | Nov 18, 2001 | Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server. |
- CVE-2026-41992Jun 30, 2026risk 0.00cvss —epss —
GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and…
- CVE-2022-1271Aug 31, 2022risk 0.00cvss —epss 0.04
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to…
- CVE-2010-0001Jan 29, 2010risk 0.00cvss —epss 0.05
Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW…
- CVE-2009-2624Jan 29, 2010risk 0.00cvss —epss 0.04
The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this…
- CVE-2005-0758May 13, 2005risk 0.00cvss —epss 0.01
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
- CVE-2005-0988May 2, 2005risk 0.00cvss —epss 0.01
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is…
- CVE-2005-1228May 2, 2005risk 0.00cvss —epss 0.04
Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.
- CVE-2004-0970Feb 9, 2005risk 0.00cvss —epss 0.00
The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.
- CVE-2004-0603Dec 6, 2004risk 0.00cvss —epss 0.03
gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332.
- CVE-2004-1349Oct 4, 2004risk 0.00cvss —epss 0.01
gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.
- CVE-2003-0367Jul 2, 2003risk 0.00cvss —epss 0.00
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.
- CVE-2001-1228Nov 18, 2001risk 0.00cvss —epss 0.03
Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server.