bzip2: out-of-bounds write in function BZ2_decompress (CVE-2019-12900)
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an
out-of-bounds
write when there are many selectors.
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-12900
https://security-tracker.debian.org/tracker/CVE-2019-12900
Patch:
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
(from redmine: issue id 10642, created on 2019-07-02, closed on 2019-07-09)
- Relations:
- child #10643 (closed)
- child #10644 (closed)
- child #10645 (closed)
- child #10646 (closed)
- child #10647 (closed)