CVE-2010-0001

Name of the Vulnerable Software and Affected Versions gzip versions prior to 1.4 ncompress (affected versions not specified)

Description The issue is related to an integer underflow in the unlzw function, which can be triggered by a crafted archive using LZW compression. This may lead to an array index error, causing a denial of service or potentially allowing the execution of arbitrary code. Multiple vulnerabilities in the ncompress package may compromise the confidentiality, integrity, and availability of protected information, and these vulnerabilities can be exploited remotely.

Recommendations For gzip versions prior to 1.4, update to version 1.4 or later to resolve the issue. For ncompress, at the moment, there is no information about a newer version that contains a fix for this vulnerability.