An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an out-of-bounds write in bz3_decode_block.

An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a crash caused by an invalid memmove in bz3_decode_block.

An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3_decode_block out-of-bounds read.

An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an xwrite out-of-bounds read.

An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3_decompress out-of-bounds read in certain situations where buffers passed to bzip3 do not contain enough space to be filled with decompressed data. NOTE: the vendor's perspective is that the observed behavior can only occur for a contract violation, and thus the report is invalid.

An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3_decode_block out-of-bounds write can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais.

An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais.

The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product.

A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free reported in CVE-2017-12858."

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.