Gzip
by Gzip
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2003-0844 | | Hig | 0.46 | 7.1 | 0.00 | | Nov 17, 2003 | mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on… |
| CVE-2026-41991 | | mod | 0.39 | 6.0 | 0.00 | | Jun 29, 2026 | gzip: gzip: Arbitrary file overwrite via insecure temporary file handling in gzexe utility |
| CVE-2009-2624 | | | 0.00 | — | 0.04 | | Jan 29, 2010 | The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this… |
| CVE-2006-4334 | | | 0.00 | — | 0.04 | | Sep 19, 2006 | Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference. |
| CVE-2006-4338 | | | 0.00 | — | 0.04 | | Sep 19, 2006 | unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive. |
| CVE-2006-4335 | | | 0.00 | — | 0.05 | | Sep 19, 2006 | Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive… |
| CVE-2006-4336 | | | 0.00 | — | 0.06 | | Sep 19, 2006 | Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index. |
| CVE-2006-4337 | | | 0.00 | — | 0.06 | | Sep 19, 2006 | Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive. |
| CVE-2005-0758 | | | 0.00 | — | 0.01 | | May 13, 2005 | zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. |
| CVE-2005-0988 | | | 0.00 | — | 0.01 | | May 2, 2005 | Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is… |
| CVE-2005-1228 | | | 0.00 | — | 0.04 | | May 2, 2005 | Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. |
| CVE-2004-0970 | | | 0.00 | — | 0.00 | | Feb 9, 2005 | The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367. |
| CVE-2003-0843 | | | 0.00 | — | 0.02 | | Nov 17, 2003 | Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request… |
| CVE-2003-0367 | | | 0.00 | — | 0.00 | | Jul 2, 2003 | znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. |