Python · Python · CVE-2026-9669
**Name of the Vulnerable Software and Affected Versions**
Python (affected versions not specified)
**Description**
`bz2.BZ2Decompressor` objects can be reused following a decompression error. If an application catches the resulting `OSError` and attempts to retry using the same decompressor, specially crafted input may cause the decompressor to resume from an invalid internal state. This leads to out-of-bounds writes to a stack buffer, which can result in a process crash when processing untrusted data.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
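
The description ties the invalid state to reusing the same `bz2.BZ2Decompressor` after it has raised `OSError`, so an application can close that path itself by discarding the object on the first error and starting any retry with a fresh one. The wrapper below is an added example, not code from the advisory or from the Python project; `OneShotBZ2Stream`, `PoisonedStreamError` and `decompress_untrusted` are hypothetical names, and the sample inputs are constructed.

```python
import bz2


class PoisonedStreamError(Exception):
    """Raised when a stream is fed after its decompressor has failed.

    Deliberately not an OSError subclass, so a broad `except OSError`
    retry loop cannot swallow it and keep feeding the same stream.
    """


class OneShotBZ2Stream:
    """Wraps bz2.BZ2Decompressor so a failed instance is never called again."""

    def __init__(self):
        self._dec = bz2.BZ2Decompressor()
        self._failed = False

    def feed(self, chunk: bytes) -> bytes:
        if self._failed:
            # Refuse before touching any decompressor state.
            raise PoisonedStreamError("decompressor failed earlier; start a new stream")
        try:
            return self._dec.decompress(chunk)
        except OSError:
            # Drop the object so no code path can resume from it.
            self._failed = True
            self._dec = None
            raise


def decompress_untrusted(chunks) -> bytes:
    """Decompress an iterable of chunks; any error aborts the whole stream."""
    stream = OneShotBZ2Stream()
    out = bytearray()
    for chunk in chunks:
        out += stream.feed(chunk)
    return bytes(out)


if __name__ == "__main__":
    good = bz2.compress(b"constructed sample " * 50)  # constructed input
    print(len(decompress_untrusted([good[:10], good[10:]])))
    try:
        decompress_untrusted([b"not a bzip2 stream"])  # constructed invalid input
    except OSError as exc:
        print("rejected:", exc)
```

A retry after `OSError` calls `decompress_untrusted` again from the start of the data, which constructs a new decompressor.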