CVE Vulnerabilities

CVE-2016-3189

Published: Jun 30, 2016 | Modified: Aug 16, 2022
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
4.3 LOW
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V3
Ubuntu

Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.

Affected Software

Name Vendor Start Version End Version
Bzip2 Bzip 1.0.6 1.0.6
Bzip2 Ubuntu artful *
Bzip2 Ubuntu esm-infra/xenial *
Bzip2 Ubuntu precise *
Bzip2 Ubuntu precise/esm *
Bzip2 Ubuntu trusty *
Bzip2 Ubuntu trusty/esm *
Bzip2 Ubuntu upstream *
Bzip2 Ubuntu vivid/stable-phone-overlay *
Bzip2 Ubuntu vivid/ubuntu-core *
Bzip2 Ubuntu wily *
Bzip2 Ubuntu xenial *
Bzip2 Ubuntu yakkety *
Bzip2 Ubuntu zesty *

References