2482704 – (CVE-2026-42250) CVE-2026-42250 bzip2: bzip2: Denial of Service in bzip2recover via a specially crafted file

Bug 2482704 (CVE-2026-42250) - CVE-2026-42250 bzip2: bzip2: Denial of Service in bzip2recover via a specially crafted file

Summary: CVE-2026-42250 bzip2: bzip2: Denial of Service in bzip2recover via a speciall...

Keywords:
Status:	NEW
Alias:	CVE-2026-42250
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-05-28 15:01 UTC by OSIDB Bzimport
Modified:	2026-06-15 12:34 UTC (History)
CC List:	51 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-05-28 15:01:57 UTC

bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash (denial of service).

This issue was fixed in bzip2 version 1.0.9

Note You need to log in before you can comment on or make changes to this bug.

anpicker
anthomas
aprice
bdettelb
bparees
brasmith
cochase
dbosanac
derez
doconnor
dranck
dschmidt
ehelms
erezende
ggainey
hasun
jfula
jkoehler
jlanda
jowilson
jreimann
jsamir
juwatts
kshier
lphiri
mdessi
mhulan
mjw
mrizzi
nmoumoul
nyancey
oezr
ometelka
osousa
pcattana
pcreech
ptisnovs
rchan
rekumar
rhel-process-autobot
simaishi
smallamp
smcdonal
stcannon
syedriko
teagle
tmalecek
vvoronko
watson-tool-maintainers
xdharmai
yguenane