🔐 CVE Alert

CVE-2026-42250

UNKNOWN 0.0

Off-by-One Leading to Out-of-Bounds Write in bzip2

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
6th

bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash (denial of service). This issue was fixed in bzip2 patch 35d122a3df8b0cc4082a4d89fdc6ee99f375fe67.

CWE: CWE-787
Vendor: bzip2
Product: bzip2
Published: May 28, 2026
Last Updated: Jun 5, 2026

Affected Versions

bzip2 / bzip2
0 ≤ 1.0.8

References

cert.pl: https://cert.pl/en/posts/2026/05/CVE-2026-42250/
sourceware.org: https://sourceware.org/bzip2/
inbox.sourceware.org: https://inbox.sourceware.org/bzip2-devel/[email protected]/
sourceware.org: https://sourceware.org/cgit/bzip2/commit/?id=35d122a3df8b0cc4082a4d89fdc6ee99f375fe67

Credits

Michał Majchrowicz (AFINE Team)
Marcin Wyczechowski (AFINE Team)