CVE-2011-4089

bzip2 <1.0.5 - Code Injection

Description

The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.

Exploits (1)

exploitdb WORKING POC VERIFIED
by vladz · c · local · linux
https://www.exploit-db.com/exploits/18147

Scores

EPSS 0.0015
EPSS Percentile 35.5%

Details

CWE CWE-264
Status published
Products (5)
bzip/bzip2 1.0
bzip/bzip2 1.0.1
bzip/bzip2 1.0.2
bzip/bzip2 1.0.3
bzip/bzip2 < 1.0.4
Published Apr 16, 2014
Tracked Since Feb 18, 2026