FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Integer overflow in bzip2 decompression

Affected packages
6.4 <= FreeBSD < 6.4_11
7.1 <= FreeBSD < 7.1_14
7.3 <= FreeBSD < 7.3_3
8.0 <= FreeBSD < 8.0_5
8.1 <= FreeBSD < 8.1_1

Details

VuXML ID 18dc48fe-ca42-11df-aade-0050568f000c
Discovery 2010-09-20
Entry 2010-10-24
Modified 2016-08-09

Problem Description:

When decompressing data, the run-length encoded values are not adequately sanity-checked, allowing for an integer overflow.

References

FreeBSD Advisory SA-10:08.bzip2