Severity
NVD: 9.8 CRITICAL
OSV: 7.5 | OSV: 6.5

EPSS
1.1% (top 21.82%)

CISA KEV
Not in KEV

Exploit
No known exploits

Timeline
Published: Jun 19
Latest update: Nov 14

Description

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (7 packages)

Source  | Package        | Affected versions
Debian  | bzip/bzip2     | < 1.0.6-9.1 (+3)
Ubuntu  | bzip/bzip2     | < 1.0.6-8ubuntu0.1 (+2)
NVD     | bzip/bzip2     | 1.0.6
NVD     | python/python  | 3.7.0, 3.7.1 (+3)
Debian  | clamav/clamav  | < 0.101.4+dfsg-1 (+3)

Also affects: FreeBSD 11.2, 11.3, 12.0; Debian Linux 8.0; Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 19.04

Patches

🔴 Vulnerability Details (8)

OSV: out-of-bounds write when there are many bzip2 selectors (2025-11-14)
GHSA: GHSA-j686-6fc2-2525: BZ2_decompress in decompress (2022-05-24)
OSV: clamav vulnerabilities (2019-10-03)
OSV: clamav vulnerabilities (2019-10-02)
OSV: bzip2 vulnerabilities (2019-06-26)

📋 Vendor Advisories (10)

Red Hat: bzip2: Data integrity error when decompressing (data integrity tests fail) (2024-11-15)
Oracle: Oracle Database Server Risk Matrix: Core RDBMS (bzip2), CVE-2019-12900 (2020-10-15)
Ubuntu: ClamAV vulnerabilities (2019-10-03)
Ubuntu: ClamAV vulnerabilities (2019-10-02)
BSD: FreeBSD-SA-19:18.bzip2: Multiple vulnerabilities in bzip2 (2019-08-06)

📄 Research Papers (1)

arXiv: LibAM: An Area Matching Framework for Detecting Third-party Libraries in Binaries (2023-09-12)

💬 Community (4)

Bugzilla: CVE-2019-12900 bzip2: out-of-bounds write in function BZ2_decompress [fedora-all] (2019-06-27)
Bugzilla: bzip2: out-of-bounds write in function BZ2_decompress (2019-06-27)
Bugzilla: CVE-2019-7663 libtiff: integer overflow in libtiff/tif_dirwrite.c resulting in an invalid pointer dereference (2019-02-15)
Bugzilla: bzip2: index out of bounds [@BZ2_decompress] (2016-08-15)