
Description

bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash (denial of service). This issue was fixed in bzip2 patch 35d122a3df8b0cc4082a4d89fdc6ee99f375fe67.

PUBLISHED Reserved 2026-04-25 | Published 2026-05-28 | Updated 2026-06-05 | Assigner CERT-PL




MEDIUM: 4.8 | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-787 Out-of-bounds Write

Product status

Default status: unaffected

Any version: affected

35d122a3df8b0cc4082a4d89fdc6ee99f375fe67 (custom): unaffected

Credits

Michał Majchrowicz (AFINE Team) finder

Marcin Wyczechowski (AFINE Team) finder

References

cert.pl/en/posts/2026/05/CVE-2026-42250/ third-party-advisory

sourceware.org/bzip2/ product

inbox.sourceware.org/...60528145407.293768-1-mark@klomp.org/ vendor-advisory

sourceware.org/...d=35d122a3df8b0cc4082a4d89fdc6ee99f375fe67 patch

cve.org (CVE-2026-42250)

nvd.nist.gov (CVE-2026-42250)
