CVE-2026-41992: CWE-126: Buffer Over-read in GNU gzip
GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression routines and is not reinitialized between files processed in the same invocation. By decompressing a specially crafted LZW file followed by a specially crafted LZH file in a single gzip -d command, an attacker can poison the shared global state and subsequently trigger an out‑of‑bounds read in the LZH decoder. The LZH decompression logic follows stale values left in the shared array, causing reads past the end of the allocated global buffer. This issue has been fixed in the commit 63dbf6b3b9e6e781df1a6a64e609b10e23969681
AI Analysis
Technical Summary
The vulnerability in GNU gzip arises from a global buffer overflow caused by the reuse of a shared global array among LZ77, LZW, and LZH decompression routines without reinitialization between files processed in the same gzip invocation. By decompressing a specially crafted LZW file followed by a crafted LZH file in a single gzip -d command, an attacker can manipulate the shared global state to trigger an out-of-bounds read in the LZH decoder. This leads to buffer over-read conditions. The problem has been addressed and fixed in commit 63dbf6b3b9e6e781df1a6a64e609b10e23969681.
Potential Impact
The vulnerability allows an attacker to cause out-of-bounds reads during decompression, which may lead to information disclosure or application instability. The CVSS 4.0 score is 6.9 (medium severity), indicating a locally exploitable issue that does not require user interaction or privileges but has high impact on confidentiality. There are no known exploits in the wild at this time.
Mitigation Recommendations
A fix for this vulnerability has been implemented in the referenced commit (63dbf6b3b9e6e781df1a6a64e609b10e23969681). Users should update to a version of GNU gzip that includes this fix. Patch status is not explicitly stated beyond the commit; therefore, verify with the official GNU gzip source or vendor advisory for the availability of updated releases containing this fix.
CVE-2026-41992: CWE-126: Buffer Over-read in GNU gzip
Description
GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression routines and is not reinitialized between files processed in the same invocation. By decompressing a specially crafted LZW file followed by a specially crafted LZH file in a single gzip -d command, an attacker can poison the shared global state and subsequently trigger an out‑of‑bounds read in the LZH decoder. The LZH decompression logic follows stale values left in the shared array, causing reads past the end of the allocated global buffer. This issue has been fixed in the commit 63dbf6b3b9e6e781df1a6a64e609b10e23969681
CVSS v4.0
Score 6.9medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in GNU gzip arises from a global buffer overflow caused by the reuse of a shared global array among LZ77, LZW, and LZH decompression routines without reinitialization between files processed in the same gzip invocation. By decompressing a specially crafted LZW file followed by a crafted LZH file in a single gzip -d command, an attacker can manipulate the shared global state to trigger an out-of-bounds read in the LZH decoder. This leads to buffer over-read conditions. The problem has been addressed and fixed in commit 63dbf6b3b9e6e781df1a6a64e609b10e23969681.
Potential Impact
The vulnerability allows an attacker to cause out-of-bounds reads during decompression, which may lead to information disclosure or application instability. The CVSS 4.0 score is 6.9 (medium severity), indicating a locally exploitable issue that does not require user interaction or privileges but has high impact on confidentiality. There are no known exploits in the wild at this time.
Mitigation Recommendations
A fix for this vulnerability has been implemented in the referenced commit (63dbf6b3b9e6e781df1a6a64e609b10e23969681). Users should update to a version of GNU gzip that includes this fix. Patch status is not explicitly stated beyond the commit; therefore, verify with the official GNU gzip source or vendor advisory for the availability of updated releases containing this fix.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- CERT-PL
- Date Reserved
- 2026-04-23T08:06:09.511Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a425fd627e9c79719d0b4ff
Added to database: 06/29/2026, 12:06:46 UTC
Last enriched: 06/29/2026, 12:21:38 UTC
Last updated: 06/29/2026, 17:31:25 UTC
Views: 11
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.