CVE-2010-0405: Integer Overflow

Published Aug 27, 2010
·
Updated

A bzip2 security issue was reported to Debian security team: Mikołaj Izdebski has discovered an integer overflow flaw in the BZ2_decompress function in bzip2/libbz2. An attacker could use a crafted bz2 file to cause a denial of service (application crash) or potentially to execute arbitrary code. (CVE-2010-0405)

Affected Software

26 affected componentsFixes available
redhat/bzip2<0:1.0.2-16.el4_8
0:1.0.2-16.el4_8
redhat/bzip2<0:1.0.3-6.el5_5
0:1.0.3-6.el5_5
redhat/bzip2<0:1.0.5-7.el6_0
0:1.0.5-7.el6_0
Bzip bzip2<=1.0.5
Bzip bzip2=0.9
Bzip bzip2=0.9.0
Bzip bzip2=0.9.0a
Bzip bzip2=0.9.0b
Bzip bzip2=0.9.0c
Bzip bzip2=0.9.5_a
Bzip bzip2=0.9.5_b
Bzip bzip2=0.9.5_c
Bzip bzip2=0.9.5_d
Bzip bzip2=0.9.5a
Bzip bzip2=0.9.5b
Bzip bzip2=0.9.5c
Bzip bzip2=0.9.5d
Bzip bzip2=0.9_a
Bzip bzip2=0.9_b
Bzip bzip2=0.9_c
Bzip bzip2=1.0
Bzip bzip2=1.0.1
Bzip bzip2=1.0.2
Bzip bzip2=1.0.3
Bzip bzip2=1.0.4
Libzip2 Libzip2<=1.0.5

Event History

Aug 27, 2010
Data Sourced
via Red Hat·09:39 AM
DescriptionSeverityAffected Software
Sep 20, 2010
CVE Published
via Red Hat·12:00 AM
Sep 28, 2010
CVE Published
via MITRE·05:00 PM
Data Sourced
via MITRE·05:00 PM
Description
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2010-0405?

CVE-2010-0405 is considered to be of medium severity due to the risk of integer overflow vulnerabilities.

2

How do I fix CVE-2010-0405?

To fix CVE-2010-0405, update to the recommended bzip2 versions specified by your operating system vendor.

3

What software is affected by CVE-2010-0405?

CVE-2010-0405 affects various versions of the bzip2 software, particularly those prior to 1.0.6.

4

What type of vulnerability is CVE-2010-0405?

CVE-2010-0405 is an integer overflow vulnerability that can lead to memory corruption.

5

Can CVE-2010-0405 be exploited remotely?

Yes, CVE-2010-0405 can potentially be exploited remotely if an attacker can trigger the vulnerable bzip2 program.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203