#1138255 bzip2: CVE-2026-42250

Package:
src:bzip2
Source:
src:bzip2
Submitter:
Salvatore Bonaccorso
Date:
2026-05-30 07:53:02 UTC
Severity:
normal
#1138255#5
Date:
2026-05-30 07:51:00 UTC
Hi,

The following vulnerability was published for bzip2.

CVE-2026-42250[0]:
| bzip2 contains an off‑by‑one error in the bzip2recover utility. When
| processing a specially crafted file, the application performs an
| out‑of‑bounds write to a global buffer, resulting in memory
| corruption and a crash (denial of service).  This issue was fixed in
| bzip2 patch 35d122a3df8b0cc4082a4d89fdc6ee99f375fe67


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-42250
https://www.cve.org/CVERecord?id=CVE-2026-42250
[1] https://inbox.sourceware.org/bzip2-devel/20260528145407.293768-1-mark@klomp.org/
[2] https://sourceware.org/cgit/bzip2/commit/?id=35d122a3df8b0cc4082a4d89fdc6ee99f375fe67

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore