CVE-2006-4335

EPSS 3.6%

Published: 9/19/2006Modified: 4/28/2026

Also known as:DEBIAN-CVE-2006-4335

Description

Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability."

Affected packages (1)

Debian/gzipfrom 0, < 1.3.5-15

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2006-4335