CERT-FI Advisory on GNU gzip

Target:
- servers and server applications
- workstations and end user applications
- network devices
- embedded systems
- mobile devices

Access Vector:
- remote

Impact:
- potential code execution
- denial of service

Remediation:
- fix provided by vendor


Two vulnerabilities related to the handling of compressed files were found in GNU gzip. The first (CVE-2009-2624) results from missing input sanitization of dynamic Huffman codes; the second (CVE-2010-0001) is an integer underflow in the handling of files compressed with the Lempel–Ziv–Welch (LZW) compression algorithm. The second vulnerability affects only 64-bit systems. A remote attacker could exploit either vulnerability with a specially crafted gzip-compressed archive. Opening the archive could lead to denial of service (gzip crash) or, potentially, to arbitrary code execution with the privileges of the user running gzip.

CERT-FI coordinated the remediation effort of the vulnerabilities.

Vulnerability Coordination Information and Acknowledgements

CERT-FI has coordinated the disclosure of these vulnerabilities between the vulnerability researcher and the affected vendors. CERT-FI would like to thank the Oulu University Secure Programming Group (OUSPG) for reporting the vulnerabilities to us, and Red Hat and Jim Meyering for cooperation in the remediation efforts.

Vendor Information

  • GNU gzip versions 1.3.3 through 1.3.14 are affected. The latest version, 1.4, is not affected.

Install either a fixed version of GNU gzip or a fixed version provided by your software distribution.
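As an added illustration (not part of the CERT-FI advisory and not gzip's own code), the following Python script performs the two checks a defender would want to run against this advisory: whether an installed gzip falls inside the affected 1.3.3 to 1.3.14 range, and which of gzip's two decompression paths (an RFC 1952 gzip member with deflate/Huffman data, or a compress(1) LZW file) a given input would be routed to, judged by its magic number and header fields. The version-banner format is assumed to be that of `gzip --version`; all sample inputs are constructed inline so the script runs offline.

```python
"""Triage helpers for the GNU gzip advisory: version-range check and
compressed-file classification. Added example; not CERT-FI or gzip code."""
import gzip
import re

# Affected range as stated in the advisory: GNU gzip 1.3.3 through 1.3.14.
AFFECTED_MIN = (1, 3, 3)
AFFECTED_MAX = (1, 3, 14)

# Magic numbers of the two on-disk formats gzip decompresses (RFC 1952 gzip
# members and compress(1) .Z files); the latter is the LZW path the advisory names.
GZIP_MAGIC = b"\x1f\x8b"
COMPRESS_MAGIC = b"\x1f\x9d"
CM_DEFLATE = 8  # RFC 1952: the only compression method defined for gzip members

# Constructed sample inputs so the script runs offline.
SAMPLE_GZIP = gzip.compress(b"hello, world")            # a genuine gzip member
SAMPLE_Z = COMPRESS_MAGIC + b"\x90" + b"\x68\x65\x6c"    # compress(1) header + filler
SAMPLE_BAD_CM = GZIP_MAGIC + b"\x07" + b"\x00" * 7       # gzip magic, undefined method


def parse_version(banner: str) -> tuple:
    """Return (major, minor, patch) parsed from a `gzip --version` banner.

    Tuple comparison is used deliberately: as strings, "1.3.14" sorts
    before "1.3.3", which would wrongly exclude 1.3.14 from the range.
    """
    m = re.search(r"\b(\d+)\.(\d+)(?:\.(\d+))?\b", banner)
    if m is None:
        raise ValueError(f"no version number found in {banner!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def is_affected(banner: str, is_64bit: bool = True) -> dict:
    """Map the installed version onto the two CVEs in the advisory."""
    version = parse_version(banner)
    in_range = AFFECTED_MIN <= version <= AFFECTED_MAX
    return {
        "version": ".".join(str(n) for n in version),
        "CVE-2009-2624": in_range,               # Huffman input sanitization, any architecture
        "CVE-2010-0001": in_range and is_64bit,  # LZW integer underflow, 64-bit hosts only
    }


def classify(data: bytes) -> str:
    """Label a file by the decompression path gzip would take for it."""
    head = data[:2]
    if head == COMPRESS_MAGIC:
        return "compress-lzw"          # gzip's LZW code handles this (CVE-2010-0001 path)
    if head != GZIP_MAGIC:
        return "not-gzip"
    if len(data) < 10:
        return "gzip-truncated"        # RFC 1952 fixed header is 10 bytes
    cm, flg = data[2], data[3]
    if cm != CM_DEFLATE:
        return f"gzip-undefined-method-{cm}"
    if flg & 0xE0:
        return "gzip-reserved-flags"   # FLG bits 5-7 must be zero per RFC 1952
    return "gzip-deflate"              # Huffman-coded deflate (CVE-2009-2624 path)


if __name__ == "__main__":
    print(is_affected("gzip 1.3.12"))
    for name, blob in (("sample.gz", SAMPLE_GZIP), ("sample.Z", SAMPLE_Z),
                       ("bad.gz", SAMPLE_BAD_CM)):
        print(name, classify(blob))
```

On a real host, feed `is_affected` the first line of `gzip --version` output and `classify` the first 10 bytes of each archive; files labelled `compress-lzw` are the ones that would reach the LZW decoder on a 64-bit system running an affected version.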


Contact Information

CERT-FI Vulnerability Coordination can be contacted as follows:

Please quote the advisory reference [FICORA #216853] in the subject line.

Phone:
+358 9 6966 510
Monday - Friday 08:00 - 16:15 (EET: UTC+2)

Fax:
+358 9 6966 515

Vulnerability Coordination
P.O. Box 313
FI-00181 Helsinki

CERT-FI encourages those who wish to communicate via email to make use of our PGP key. The key is available at

The CERT-FI vulnerability coordination policy can be viewed at

Revision History

21 Jan 2010, 14:57 UTC: Published
4 Jun 2010, 13:37 UTC: Added JVNDB reference
26 Jul 2010, 10:54 UTC: Added Debian advisory
15 Nov 2010, 8:00 UTC: Added Apple advisory

Page updated 15.11.2010