{"id":"CVE-2019-12900","details":"BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.","aliases":["HSEC-2024-0002","PSF-2019-4"],"modified":"2026-05-15T12:03:34.106409056Z","published":"2019-06-19T23:15:09.910Z","related":["ALSA-2024:8922","ALSA-2025:0733","ALSA-2025:0925","SUSE-SU-2019:14122-1","SUSE-SU-2019:14139-1","SUSE-SU-2019:14231-1","SUSE-SU-2019:1846-1","SUSE-SU-2019:1955-1","SUSE-SU-2019:2004-1","SUSE-SU-2019:2013-1","SUSE-SU-2019:2013-2","SUSE-SU-2019:3053-1","SUSE-SU-2019:3066-1","SUSE-SU-2020:3729-1","SUSE-SU-2020:3790-1","SUSE-SU-2020:3918-1","openSUSE-SU-2019:1781-1","openSUSE-SU-2019:1918-1","openSUSE-SU-2019:2595-1","openSUSE-SU-2019:2597-1","openSUSE-SU-2020:2268-1","openSUSE-SU-2020:2276-1","openSUSE-SU-2024:10667-1","openSUSE-SU-2024:10685-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","cpes":["cpe:2.3:a:bzip:bzip2:*:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"1.0.6"}],"vendor_product":"bzip:bzip2"},{"source":"CPE_FIELD","cpes":["cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:*:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"12.04"},{"last_affected":"14.04"},{"last_affected":"16.04"},{"last_affected":"18.04"},{"last_affected":"19.04"}],"vendor_product":"canonical:ubuntu_linux"},{"source":"CPE_FIELD","cpes":["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"8.0"}],"vendor_product":"debian:debian_linux"},{"source":"CPE_FIELD","cpes":["cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:11.2:p10:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:11.2:p11:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:11.2:p12:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:11.2:p8:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:11.2:rc3:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:11.3:-:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:11.3:p1:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:12.0:p4:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:12.0:p5:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:12.0:p6:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:12.0:p7:*:*:*:*:*:*","cpe:2.3:o:freebsd:freebsd:12.0:p8:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"11.2-NA"},{"last_affected":"11.2-p10"},{"last_affected":"11.2-p11"},{"last_affected":"11.2-p12"},{"last_affected":"11.2-p2"},{"last_affected":"11.2-p3"},{"last_affected":"11.2-p4"},{"last_affected":"11.2-p5"},{"last_affected":"11.2-p6"},{"last_affected":"11.2-p7"},{"last_affected":"11.2-p8"},{"last_affected":"11.2-p9"},{"last_affected":"11.2-rc3"},{"last_affected":"11.3-NA"},{"last_affected":"11.3-p1"},{"last_affected":"12.0-NA"},{"last_affected":"12.0-p1"},{"last_affected":"12.0-p2"},{"last_affected":"12.0-p3"},{"last_affected":"12.0-p4"},{"last_affected":"12.0-p5"},{"last_affected":"12.0-p6"},{"last_affected":"12.0-p7"},{"last_affected":"12.0-p8"}],"vendor_product":"freebsd:freebsd"},{"source":"CPE_FIELD","cpes":["cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"15.0"},{"last_affected":"15.1"}],"vendor_product":"opensuse:leap"}]},"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E"},{"type":"WEB","url":"https://support.f5.com/csp/article/K68713584?utm_source=f5support&amp%3Butm_medium=RSS"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html"},{"type":"ADVISORY","url":"https://seclists.org/bugtraq/2019/Jul/22"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4038-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4038-2/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4146-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4146-2/"},{"type":"FIX","url":"https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc"},{"type":"FIX","url":"https://seclists.org/bugtraq/2019/Aug/4"},{"type":"FIX","url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuoct2020.html"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}