Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
CVE(s): CVE-2010-0405
Affected product(s) and affected version(s):
IBM License Metric Tool v9
IBM BigFix Inventory v9
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2iIJ2DN
X-Force Database: http://ift.tt/2iBf2yf
from IBM Product Security Incident Response Team http://ift.tt/2iIKxSc
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.