Description
bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash (denial of service).

This issue was fixed in bzip2 patch 35d122a3df8b0cc4082a4d89fdc6ee99f375fe67
Published: 2026-05-28
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An off‑by‑one error in the bzip2recover utility allows a specially crafted file to trigger an out‑of‑bounds write to a global buffer, corrupting memory and causing the program to crash. This results in a denial of service. The weakness is an off‑by‑one error leading to an out‑of‑bounds write, classified as CWE‑193 and CWE‑787.
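The bug class described above, as an added illustration that is not bzip2recover's actual code: a constructed model of a recovery tool that scans its input for block headers and records each header's offset in a fixed-size global table. The marker byte, the table size and all function names are assumptions for this demo. The vulnerable scanner stores the entry first and only then asks whether the table is full, and its cap test uses '>', so the (MAX_BLOCKS+1)-th header is written one slot past the end of the global array (CWE-193 leading to CWE-787); the fixed scanner tests with '>=' before the write and refuses the input instead.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of a recovery tool's block table (an illustration, not
 * bzip2recover's actual code): each block header found in the input gets its
 * offset stored in a fixed-size global array. MAX_BLOCKS and BLOCK_MAGIC are
 * assumptions for this demo. */
#define MAX_BLOCKS  4
#define BLOCK_MAGIC 0x31

static size_t block_start[MAX_BLOCKS];

/* Vulnerable cap test (CWE-193): '>' lets count == MAX_BLOCKS through even
 * though the only valid indices are 0..MAX_BLOCKS-1. */
static int vuln_too_many(int count) { return count > MAX_BLOCKS; }

/* Fixed cap test: once count reaches MAX_BLOCKS the table is full. */
static int fixed_too_many(int count) { return count >= MAX_BLOCKS; }

/* Vulnerable scanner: stores the offset first and checks the cap afterwards.
 * With MAX_BLOCKS+1 markers the last iteration writes block_start[MAX_BLOCKS],
 * one element past the end of the global array (CWE-787), before the check
 * can fire. Returns the number of blocks recorded, or -1 once the cap trips. */
static int vuln_scan(const unsigned char *buf, size_t len) {
    int n = 0;
    for (size_t i = 0; i < len; i++) {
        if (buf[i] != BLOCK_MAGIC) continue;
        block_start[n] = i;              /* unchecked write */
        n++;
        if (vuln_too_many(n)) return -1; /* too late for the write above */
    }
    return n;
}

/* Fixed scanner: refuse the input before touching the table. */
static int fixed_scan(const unsigned char *buf, size_t len) {
    int n = 0;
    for (size_t i = 0; i < len; i++) {
        if (buf[i] != BLOCK_MAGIC) continue;
        if (fixed_too_many(n)) return -1;
        block_start[n++] = i;
    }
    return n;
}

/* Build a constructed input with 'markers' block headers, each preceded by a
 * filler byte. Returns the number of bytes written. */
static size_t make_input(unsigned char *out, size_t cap, int markers) {
    size_t len = 0;
    for (int k = 0; k < markers && len + 2 <= cap; k++) {
        out[len++] = 0x00;
        out[len++] = BLOCK_MAGIC;
    }
    return len;
}

/* Convenience wrappers: scan a constructed input carrying the given number of
 * block headers. run_vuln is only safe to call with markers <= MAX_BLOCKS. */
static int run_fixed(int markers) {
    unsigned char buf[64];
    size_t len = make_input(buf, sizeof buf, markers);
    return fixed_scan(buf, len);
}

static int run_vuln(int markers) {
    unsigned char buf[64];
    size_t len = make_input(buf, sizeof buf, markers);
    return vuln_scan(buf, len);
}

int main(void) {
    printf("fixed scanner, %d headers: %d\n", MAX_BLOCKS, run_fixed(MAX_BLOCKS));
    printf("fixed scanner, %d headers: %d (rejected)\n", MAX_BLOCKS + 1, run_fixed(MAX_BLOCKS + 1));
    printf("vulnerable scanner, %d headers: %d (agrees on benign input)\n", MAX_BLOCKS, run_vuln(MAX_BLOCKS));
    printf("cap test at count == MAX_BLOCKS: vulnerable too_many=%d, fixed too_many=%d\n",
           vuln_too_many(MAX_BLOCKS), fixed_too_many(MAX_BLOCKS));
    return 0;
}
```

On benign input (at most MAX_BLOCKS headers) both scanners return the same count, which is why such bugs survive normal use; the off-by-one is visible in vuln_too_many(MAX_BLOCKS) returning false, i.e. accepting an index that does not exist. The demo never executes the out-of-bounds write itself; to observe it, compile with -fsanitize=address and call run_vuln(MAX_BLOCKS + 1).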

Affected Systems

Any installation of bzip2 that includes the bzip2recover utility may be vulnerable; the CVE does not specify which exact versions are affected, only that the flaw was fixed by patch 35d122a3df8b0cc4082a4d89fdc6ee99f375fe67.

Risk and Exploitability

The CVSS 4.0 score of 4.8 (Medium) reflects that the only demonstrated effect is a crash of the bzip2recover process (VA:L), not code execution or data disclosure. The EPSS score of 0.00021 (well under 1%) indicates a very low likelihood of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The CVSS vector recorded for this CVE (AV:L, UI:P) marks the attack vector as local: bzip2recover must be run against a crafted file on the affected system, so an attacker needs local access or a way to get a user or an automated pipeline to run the tool on the file; remote exploitation would require additional compromise beyond this flaw.

Generated by OpenCVE AI on June 9, 2026 at 13:29 UTC.

Remediation

No vendor advisory or workaround is listed on this page; the CVE description identifies upstream commit 35d122a3df8b0cc4082a4d89fdc6ee99f375fe67 as the fix, without naming a released version that contains it.

OpenCVE Recommended Actions

  • Upgrade bzip2 to a release that includes patch 35d122a3df8b0cc4082a4d89fdc6ee99f375fe67; since no fixed version is named here, confirm with the distribution's package changelog or the upstream source that the commit is present.
  • If an upgrade cannot be performed immediately, do not run bzip2recover on archives from untrusted sources, and do not wire it into automated pipelines that process arbitrary input.
  • After updating or restricting usage, watch for crashes of bzip2recover (for example, segfault entries in the kernel log or core dumps attributed to the binary). The absence of crashes does not by itself prove the fix is installed, so verify the patched build rather than relying on log silence.

Generated by OpenCVE AI on June 9, 2026 at 13:29 UTC.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 12:15:00 +0000

  Weaknesses
    Added: CWE-193
  References
  Metrics
    Removed: threat_severity: None
    Added:   cvssV3_1: {'score': 5.0, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H'}
             threat_severity: Moderate

Fri, 05 Jun 2026 08:00:00 +0000

  Metrics
    Removed: cvssV4_0: {'score': 5.1, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}
    Added:   cvssV4_0: {'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}

Sat, 30 May 2026 21:15:00 +0000

  First Time appeared
    Added: Bzip; Bzip bzip2
  Vendors & Products
    Added: Bzip; Bzip bzip2

Thu, 28 May 2026 18:00:00 +0000

  Description
    Removed: bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash (denial of service). This issue was fixed in bzip2 version 1.0.9
    Added:   bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash (denial of service). This issue was fixed in bzip2 patch 35d122a3df8b0cc4082a4d89fdc6ee99f375fe67
  References

Thu, 28 May 2026 15:30:00 +0000

  Metrics
    Added: ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 28 May 2026 14:15:00 +0000

  Description
    Added: bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash (denial of service). This issue was fixed in bzip2 version 1.0.9
  Title
    Added: Off-by-One Leading to Out-of-Bounds Write in bzip2
  Weaknesses
    Added: CWE-787
  References
  Metrics
    Added: cvssV4_0: {'score': 5.1, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published:

Updated: 2026-06-05T07:47:33.397Z

Reserved: 2026-04-25T11:31:56.229Z

Link: CVE-2026-42250

Vulnrichment

Updated: 2026-05-28T14:22:56.254Z

NVD

Status : Awaiting Analysis

Published: 2026-05-28T14:16:19.890

Modified: 2026-06-05T08:16:30.133

Link: CVE-2026-42250

Red Hat

Severity : Moderate

Published: 2026-05-28T13:15:19Z

Links: CVE-2026-42250 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-09T13:30:04Z

Weaknesses