CVE-2010-0001
EPSS 22.6%ncompress - execution of arbitrary code
發布日:2010/1/29修改日:2026/4/28
描述
Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
受影響套件(3)
- Debian/gzipfrom 0, < 1.3.12-9
- Debian/ncompressfrom 0, < 4.2.4.3-1
- Debian/ncompressfrom 0, < 4.2.4.2-1+lenny1