{"id":"CVE-2011-4089","details":"The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.","modified":"2026-04-10T03:42:02.680833Z","published":"2014-04-16T18:37:11Z","references":[{"type":"EVIDENCE","url":"http://www.exploit-db.com/exploits/18147"},{"type":"FIX","url":"http://www.ubuntu.com/usn/USN-1308-1"},{"type":"FIX","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2011/Oct/804"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2011/10/28/16"}],"schema_version":"1.7.5"}