cbcvebase.
CVE-2019-12900
published 2019-06-19

CVE-2019-12900: BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

Priority: P352 | critical | 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 8.04% (94.1th percentile)

Affected

36 ranges · showing 25

Vendor | Product | Version range | Fixed in
bzip | bzip2 | <= 1.0.6 |
bzip | bzip2 | >= 0 < 1.0.6-9.1 | 1.0.6-9.1
bzip | bzip2 | >= 0 < 1.0.6-9.1 | 1.0.6-9.1
bzip | bzip2 | >= 0 < 1.0.6-9.1 | 1.0.6-9.1
bzip | bzip2 | >= 0 < 1.0.6-9.1 | 1.0.6-9.1
bzip | bzip2 | >= 0 < 1.0.6-8ubuntu0.1 | 1.0.6-8ubuntu0.1
bzip | bzip2 | >= 0 < 1.0.6-8.1ubuntu0.1 | 1.0.6-8.1ubuntu0.1
bzip | bzip2 | >= 0 < 1.0.6-5ubuntu0.1~esm1 | 1.0.6-5ubuntu0.1~esm1
canonical | ubuntu_linux | |
canonical | ubuntu_linux | |
canonical | ubuntu_linux | |
canonical | ubuntu_linux | |
canonical | ubuntu_linux | |
clamav | clamav | >= 0 < 0.101.4+dfsg-1 | 0.101.4+dfsg-1
clamav | clamav | >= 0 < 0.101.4+dfsg-1 | 0.101.4+dfsg-1
clamav | clamav | >= 0 < 0.101.4+dfsg-1 | 0.101.4+dfsg-1
clamav | clamav | >= 0 < 0.101.4+dfsg-1 | 0.101.4+dfsg-1
clamav | clamav | >= 0 < 0.101.4+dfsg-0ubuntu0.16.04.1 | 0.101.4+dfsg-0ubuntu0.16.04.1
clamav | clamav | >= 0 < 0.101.4+dfsg-0ubuntu0.18.04.1 | 0.101.4+dfsg-0ubuntu0.18.04.1
clamav | clamav | >= 0 < 0.101.4+dfsg-0ubuntu0.14.04.1+esm1 | 0.101.4+dfsg-0ubuntu0.14.04.1+esm1
debian | bzip2 | < bzip2 1.0.6-9.1 (bookworm) | bzip2 1.0.6-9.1 (bookworm)
debian | clamav | < bzip2 1.0.6-9.1 (bookworm) | bzip2 1.0.6-9.1 (bookworm)
debian | debian_linux | |
freebsd | freebsd | |
freebsd | freebsd | |

CVSS provenance

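Source | Version | Score | Severity | Vector
nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P
osv | | 9.8 | CRITICAL |
vendor_debian | | 9.8 | CRITICAL |
vendor_msrc | | 9.8 | CRITICAL |
vendor_redhat | | 9.8 | CRITICAL |
vendor_oracle | | 8.8 | CRITICAL |
vendor_ubuntu | | 7.5 | HIGH |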