Bzip3 Project Bzip3 vulnerabilities

CVE-2023-29421 [HIGH] CWE-787 CVE-2023-29421: An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an out-of-bounds write in bz3_ An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an out-of-bounds write in bz3_decode_block.

CVE-2023-29420 [MEDIUM] CWE-119 CVE-2023-29420: An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a crash caused by an invalid m An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a crash caused by an invalid memmove in bz3_decode_block.

CVE-2023-29418 [MEDIUM] CWE-125 CVE-2023-29418: An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an xwrite out-of-bounds read. An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an xwrite out-of-bounds read.

CVE-2023-29416 [MEDIUM] CWE-787 CVE-2023-29416: An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3_decode_block out-of-bounds write An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3_decode_block out-of-bounds write can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais.

CVE-2023-29419 [MEDIUM] CWE-125 CVE-2023-29419: An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3_decode_block out-of-boun An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3_decode_block out-of-bounds read.

CVE-2023-29415 [MEDIUM] CVE-2023-29415: An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais.

CVE-2023-29417 [MEDIUM] CWE-125 CVE-2023-29417: An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3_decompress out-of-bounds read i An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3_decompress out-of-bounds read in certain situations where buffers passed to bzip3 do not contain enough space to be filled with decompressed data. NOTE: the vendor's perspective is that the observed behavior can only occur for a contract violation, and thus the report is invalid.