PT-2026-53256 · Gnu · Gzip
Marcin Wyczechowski
+1
·
Published
2026-06-29
·
Updated
2026-06-29
·
CVE-2026-41992
CVSS v4.0
6.9
Medium
| Vector | AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
GNU gzip (affected versions not specified)
Description
An issue exists in the LZH decompression logic where shared global state is improperly reused between different decompression formats during a single execution. The software maintains a global array shared across LZ77, LZW, and LZH routines that is not reinitialized between processed files. An attacker can poison this shared state by decompressing a specially crafted LZW file followed by a specially crafted LZH file in a single command, triggering an out-of-bounds read in the LZH decoder as it follows stale values left in the shared array.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Buffer Over-read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gzip