cosmopolitan icon indicating copy to clipboard operation
cosmopolitan copied to clipboard
verified publisher icon jart

Fix: Potential Vulnerability in bzip2 Library

Open tabudz opened this issue 11 months ago • 1 comments

This PR fixes a security vulnerability in inflate() that was cloned from zlib but did not receive the security patch applied in zlib. The original issue was reported and fixed under https://gitlab.com/federicomenaquintero/bzip2/-/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc.

This PR applies the same patch as the one in zlib to eliminate the vulnerability.

References https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://gitlab.com/federicomenaquintero/bzip2/-/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc

tabudz avatar Feb 18 '25 16:02 tabudz

@jart Can this 1-line security patch be applied?

reneleonhardt avatar Jun 19 '25 19:06 reneleonhardt