CVE-2019-12900 (NVD)

2019-06-19

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

Products: Bzip2, Ubuntu_linux, Debian_linux, Freebsd, Leap, Python
Type: Out-of-bounds Write (CWE-787)
First patch: None (likely due to unavailable code)
Links:
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc
https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html
https://seclists.org/bugtraq/2019/Aug/4
https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E
https://www.oracle.com/security-alerts/cpuoct2020.html