VYPR

Gzip

by Gzip

CVEs (14)

  • CVE-2003-0844HigNov 17, 2003
    risk 0.46cvss 7.1epss 0.00

    mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on…

  • CVE-2026-41991modJun 29, 2026
    risk 0.39cvss 6.0epss 0.00

    gzip: gzip: Arbitrary file overwrite via insecure temporary file handling in gzexe utility

  • CVE-2009-2624Jan 29, 2010
    risk 0.00cvss epss 0.04

    The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this…

  • CVE-2006-4334Sep 19, 2006
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference.

  • CVE-2006-4338Sep 19, 2006
    risk 0.00cvss epss 0.04

    unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive.

  • CVE-2006-4335Sep 19, 2006
    risk 0.00cvss epss 0.05

    Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive…

  • CVE-2006-4336Sep 19, 2006
    risk 0.00cvss epss 0.06

    Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index.

  • CVE-2006-4337Sep 19, 2006
    risk 0.00cvss epss 0.06

    Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive.

  • CVE-2005-0758May 13, 2005
    risk 0.00cvss epss 0.01

    zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.

  • CVE-2005-0988May 2, 2005
    risk 0.00cvss epss 0.01

    Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is…

  • CVE-2005-1228May 2, 2005
    risk 0.00cvss epss 0.04

    Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.

  • CVE-2004-0970Feb 9, 2005
    risk 0.00cvss epss 0.00

    The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.

  • CVE-2003-0843Nov 17, 2003
    risk 0.00cvss epss 0.02

    Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request…

  • CVE-2003-0367Jul 2, 2003
    risk 0.00cvss epss 0.00

    znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.