First published: Wed Jun 19 2019
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Bzip Bzip2 | <=1.0.6 | |
Debian Debian Linux | =8.0 | |
openSUSE Leap | =15.0 | |
openSUSE Leap | =15.1 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =19.04 | |
FreeBSD FreeBSD | =11.2 | |
FreeBSD FreeBSD | =11.2-p10 | |
FreeBSD FreeBSD | =11.2-p11 | |
FreeBSD FreeBSD | =11.2-p12 | |
FreeBSD FreeBSD | =11.2-p2 | |
FreeBSD FreeBSD | =11.2-p3 | |
FreeBSD FreeBSD | =11.2-p4 | |
FreeBSD FreeBSD | =11.2-p5 | |
FreeBSD FreeBSD | =11.2-p6 | |
FreeBSD FreeBSD | =11.2-p7 | |
FreeBSD FreeBSD | =11.2-p8 | |
FreeBSD FreeBSD | =11.2-p9 | |
FreeBSD FreeBSD | =11.2-rc3 | |
FreeBSD FreeBSD | =11.3 | |
FreeBSD FreeBSD | =11.3-p1 | |
FreeBSD FreeBSD | =12.0 | |
FreeBSD FreeBSD | =12.0-p1 | |
FreeBSD FreeBSD | =12.0-p2 | |
FreeBSD FreeBSD | =12.0-p3 | |
FreeBSD FreeBSD | =12.0-p4 | |
FreeBSD FreeBSD | =12.0-p5 | |
FreeBSD FreeBSD | =12.0-p6 | |
FreeBSD FreeBSD | =12.0-p7 | |
FreeBSD FreeBSD | =12.0-p8 | |
Python Python | >=3.7.0 <3.7.13 | |
Python Python | >=3.8.0 <3.8.13 | |
Python Python | >=3.9.0 <3.9.11 | |
Python Python | >=3.10.0 <3.10.3 | |
ubuntu/bzip2 | <1.0.6-9ubuntu0.19.04.1 | 1.0.6-9ubuntu0.19.04.1 |
ubuntu/bzip2 | <1.0.6-8.1ubuntu0.2 | 1.0.6-8.1ubuntu0.2 |
ubuntu/bzip2 | <1.0.6-9ubuntu0.18.10.1 | 1.0.6-9ubuntu0.18.10.1 |
ubuntu/bzip2 | <1.0.6-5ubuntu0.1~ | 1.0.6-5ubuntu0.1~ |
ubuntu/bzip2 | <1.0.7 | 1.0.7 |
ubuntu/bzip2 | <1.0.6-8ubuntu0.2 | 1.0.6-8ubuntu0.2 |
ubuntu/clamav | <0.101.4+dfsg-0ubuntu0.18.04.1 | 0.101.4+dfsg-0ubuntu0.18.04.1 |
ubuntu/clamav | <0.101.4+dfsg-0ubuntu0.19.04.1 | 0.101.4+dfsg-0ubuntu0.19.04.1 |
ubuntu/clamav | <0.101.4+dfsg-0ubuntu0.14.04.1+ | 0.101.4+dfsg-0ubuntu0.14.04.1+ |
ubuntu/clamav | <0.101.4 | 0.101.4 |
ubuntu/clamav | <0.101.4+dfsg-0ubuntu0.16.04.1 | 0.101.4+dfsg-0ubuntu0.16.04.1 |
debian/bzip2 | 1.0.6-9.2~deb10u1 1.0.6-9.2~deb10u2 1.0.8-4 1.0.8-5 1.0.8-5.1 | |
debian/clamav | 0.103.6+dfsg-0+deb10u1 0.103.9+dfsg-0+deb10u1 0.103.10+dfsg-0+deb11u1 1.0.3+dfsg-1~deb12u1 1.0.5+dfsg-1 1.0.5+dfsg-1.1 | |
CVE-2019-12900 is a vulnerability in the BZ2_decompress function in bzip2 through version 1.0.6 that allows an out-of-bounds write when there are many selectors.
The severity of CVE-2019-12900 is critical with a CVSS score of 9.8.
CVE-2019-12900 affects bzip2 versions 1.0.6 through 1.0.8 causing an out-of-bounds write in the BZ2_decompress function.
To fix CVE-2019-12900 in bzip2, update to version 1.0.9 or later.
References for CVE-2019-12900: [1] GitLab commit 74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc; [2] Debian LTS announce, June 2019 message; [3] Ubuntu Security Notice USN-4038-2.