PT-2008-2962 · Bzip2+1 · Bzip2+1

Published: 2008-03-18 · Updated: 2024-06-15 · CVE-2008-1372

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: bzip2 versions prior to 1.0.5

Description: The issue allows user-assisted remote attackers to cause a denial of service, resulting in a crash. It can be triggered by a crafted file that causes a buffer over-read. The PROTOS GENOME test suite for Archive Formats has demonstrated this issue.

Recommendations: For versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue. As a temporary workaround until a patch is applied, avoid processing crafted files that may trigger the buffer over-read, and restrict access to untrusted archive files to minimize the risk of exploitation.

Exploit

Fix

DoS

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2008-1372
OPENSUSE-SU-2024:10667-1
RHSA-2008:0893
RHSA-2008_0893

Affected Products

Red Hat
Bzip2