Skip to main content

Gzip

2 CVEs product

Monthly

CVE-2026-41992 MEDIUM This Month

Out-of-bounds read in GNU gzip's LZH decompression logic allows an unprivileged local attacker to disclose memory contents by supplying two specially crafted archives - an LZW file followed by an LZH file - in a single gzip -d invocation. The shared global decompression array, never reinitialized between files in the same process invocation, is poisoned by the LZW pass and subsequently causes the LZH decoder to read past the end of the allocated buffer, yielding high confidentiality impact per the CVSS 4.0 vector (VC:H). No public exploit or CISA KEV listing has been identified at time of analysis; the fix exists as an upstream source commit only, with no confirmed packaged release.

Buffer Overflow Gzip
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-41991 LOW Monitor

Arbitrary file overwrite in GNU gzip's gzexe utility allows a local attacker to corrupt victim-accessible files via a symlink attack exploiting predictable temporary filename construction. When mktemp is absent from the user's PATH, gzexe falls back to PID-based temp file naming without exclusive creation or existence checks, enabling a TOCTOU race where a pre-planted symlink redirects the write to an attacker-chosen target. No public exploit or CISA KEV listing exists at time of analysis; impact is limited to low-integrity file overwrite with a CVSS 4.0 score of 2.0.

Information Disclosure Gzip
NVD VulDB
CVSS 4.0
2.0
EPSS
0.1%
EPSS 0% CVSS 6.9
MEDIUM This Month

Out-of-bounds read in GNU gzip's LZH decompression logic allows an unprivileged local attacker to disclose memory contents by supplying two specially crafted archives - an LZW file followed by an LZH file - in a single gzip -d invocation. The shared global decompression array, never reinitialized between files in the same process invocation, is poisoned by the LZW pass and subsequently causes the LZH decoder to read past the end of the allocated buffer, yielding high confidentiality impact per the CVSS 4.0 vector (VC:H). No public exploit or CISA KEV listing has been identified at time of analysis; the fix exists as an upstream source commit only, with no confirmed packaged release.

Buffer Overflow Gzip
NVD VulDB
EPSS 0% CVSS 2.0
LOW Monitor

Arbitrary file overwrite in GNU gzip's gzexe utility allows a local attacker to corrupt victim-accessible files via a symlink attack exploiting predictable temporary filename construction. When mktemp is absent from the user's PATH, gzexe falls back to PID-based temp file naming without exclusive creation or existence checks, enabling a TOCTOU race where a pre-planted symlink redirects the write to an attacker-chosen target. No public exploit or CISA KEV listing exists at time of analysis; impact is limited to low-integrity file overwrite with a CVSS 4.0 score of 2.0.

Information Disclosure Gzip
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy