bzip2 bzip2recover Off-by-One OOB in 1.0.8 and earlier
CVE-2026-42250 Published on May 28, 2026
Off-by-One Leading to Out-of-Bounds Write in bzip2
bzip2 contains an offbyone error in the bzip2recover utility. When processing a specially crafted file, the application performs an outofbounds write to a global buffer, resulting in memory corruption and a crash (denial of service).
This issue was fixed in bzip2 patch 35d122a3df8b0cc4082a4d89fdc6ee99f375fe67
Weakness Type
What is a Memory Corruption Vulnerability?
The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.
CVE-2026-42250 has been classified to as a Memory Corruption vulnerability or weakness.
Affected Versions
bzip2:- Before and including 1.0.8 is affected.
- Version 35d122a3df8b0cc4082a4d89fdc6ee99f375fe67 is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.