cpe:/a:gnu:gzip:1.2.4 cpe:/a:gnu:gzip:1.2.4a cpe:/a:gnu:gzip:1.3 cpe:/a:gnu:gzip:1.3.1 cpe:/a:gnu:gzip:1.3.2 cpe:/a:gnu:gzip:1.3.3 cpe:/a:gnu:gzip:1.3.4 cpe:/a:gnu:gzip:1.3.5 cpe:/a:gnu:gzip:1.3.6 cpe:/a:gnu:gzip:1.3.7 cpe:/a:gnu:gzip:1.3.8 cpe:/a:gnu:gzip:1.3.9 cpe:/a:gnu:gzip:1.3.10 cpe:/a:gnu:gzip:1.3.11 cpe:/a:gnu:gzip:1.3.12 CVE-2009-2624 2010-01-29T13:30:00.793-05:00 2010-11-18T01:29:52.377-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-01-31T17:31:00.000-05:00 SECUNIA 38132 SECUNIA 38223 SECUNIA 38232 VUPEN ADV-2010-0185 APPLE APPLE-SA-2010-11-10-1 DEBIAN DSA-1974 MANDRIVA MDVSA-2010:020 SUSE SUSE-SA:2010:008 UBUNTU USN-889-1 MLIST [bug-gzip] 20091002 gzip-1.3.13 released [major] CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263 CONFIRM http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2 CONFIRM http://support.apple.com/kb/HT4435 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=514711 The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression.