bzip2 bzip2recover Off-by-One OOB in 1.0.8 and earlier: CVE-2026-42250 May 2026

bzip2 bzip2recover Off-by-One OOB in 1.0.8 and earlier
CVE-2026-42250 Published on May 28, 2026

Off-by-One Leading to Out-of-Bounds Write in bzip2
bzip2 contains an offbyone error in the bzip2recover utility. When processing a specially crafted file, the application performs an outofbounds write to a global buffer, resulting in memory corruption and a crash (denial of service). This issue was fixed in bzip2 version 1.0.9

Weakness Type

What is a Memory Corruption Vulnerability?

The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.

CVE-2026-42250 has been classified to as a Memory Corruption vulnerability or weakness.

Affected Versions

Before 1.0.9 is affected.

bzip2 bzip2recover Off-by-One OOB in 1.0.8 and earlierCVE-2026-42250 Published on May 28, 2026

Weakness Type

What is a Memory Corruption Vulnerability?

Affected Versions

bzip2 bzip2recover Off-by-One OOB in 1.0.8 and earlier
CVE-2026-42250 Published on May 28, 2026