Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391.
2009-08-19T17:30:00.953
2025-04-09T00:30:58.490
Deferred
CVSSv2: 4.3 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:N/A:P
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | bzip | compress-raw-bzip2 | ≤ 2.017 | Yes |
| Application | bzip | compress-raw-bzip2 | 2.0.00_10 | Yes |
| Application | bzip | compress-raw-bzip2 | 2.0.00_12 | Yes |
| Application | bzip | compress-raw-bzip2 | 2.0.00_14 | Yes |
| Application | bzip | compress-raw-bzip2 | 2.0.01 | Yes |
| Application | bzip | compress-raw-bzip2 | 2.0.02 | Yes |
| Application | bzip | compress-raw-bzip2 | 2.0.03 | Yes |
| Application | bzip | compress-raw-bzip2 | 2.0.05 | Yes |
| Application | bzip | compress-raw-bzip2 | 2.0.06 | Yes |
| Application | bzip | compress-raw-bzip2 | 2.0.08 | Yes |
| Application | bzip | compress-raw-bzip2 | 2.0.09 | Yes |
| Application | bzip | compress-raw-bzip2 | 2.010 | Yes |
| Application | bzip | compress-raw-bzip2 | 2.011 | Yes |
| Application | bzip | compress-raw-bzip2 | 2.012 | Yes |
| Application | bzip | compress-raw-bzip2 | 2.014 | Yes |
| Application | bzip | compress-raw-bzip2 | 2.015 | Yes |
| Application | perl | perl | * | No |