This security advisory describes one low risk vulnerability.
CWE-416 - Use After Free
The vulnerability allows a remote attacker to cause the target application to crash.
The vulnerability exists due to an use-after-free error in bzip2recover when handling bzip2 files. A remote unauthenticated attacker can send a specially crafted bzip2 archive and cause the target application to crash.
Successful exploitation of this vulnerability will result in denial of service.Mitigation
Update the affected packages.
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.