GNU gzip Vulnerability Allows gzexe Symlink Overwrite
ID: b1eea227-7e70-5885-b27b-f263b963e8d9
STIX ID: report--b1eea227-7e70-5885-b27b-f263b963e8d9
Feed Name: securityonline.info
Threat Score
CERT Polska disclosed two vulnerabilities in GNU gzip (CVE-2026-41991 and CVE-2026-41992) affecting versions through 1.14: a predictable temporary-file/symlink weakness in gzexe that can lead to local file overwrite and possible privilege escalation, and an LZH decompression bug that allows an out-of-bounds read; maintainers released fixes and administrators are advised to update promptly.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
