Pointer Misuse in BusyBox's decompress_gunzip.c Leads to Application Crash

Pointer Misuse in BusyBox's decompress_gunzip.c Leads to Application Crash

CVE-2015-9261 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file.

Learn more about our Cis Benchmark Audit For Suse Linux Enterprise Server.