QwikSec

Security Database

CVE

CWE

Training

CVE-2026-42250

Published: May 28, 2026

Modified: Jun 5, 2026

PUBLISHED

Description

bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash (denial of service). This issue was fixed in bzip2 patch 35d122a3df8b0cc4082a4d89fdc6ee99f375fe67

Vendor	Product	Versions
bzip2	bzip2	affected `0 - <= 1.0.8` unaffected `35d122a3df8b0cc4082a4d89fdc6ee99f375fe67`

Weaknesses (CWE)

References

https://cert.pl/en/posts/2026/05/CVE-2026-42250/

third-party-advisory

https://sourceware.org/bzip2/

product

https://inbox.sourceware.org/bzip2-devel/[email protected]/

vendor-advisory

https://sourceware.org/cgit/bzip2/commit/?id=35d122a3df8b0cc4082a4d89fdc6ee99f375fe67

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.