CVE-2026-9669 · EPSS p29.2%

Description

bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer. This could crash the process when processing untrusted data.
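The retry pattern described above can be ruled out in application code by discarding the decompressor on its first error. The following is an added example, not part of the CVE record or of CPython; the names `FailClosedBZ2Decompressor`, `PoisonedDecompressorError` and `decompress_untrusted` are hypothetical and the sample inputs are constructed.

```python
import bz2


class PoisonedDecompressorError(RuntimeError):
    """Not an OSError on purpose, so `except OSError: retry` loops cannot swallow it."""


class FailClosedBZ2Decompressor:
    """Hypothetical wrapper: never feeds a bz2.BZ2Decompressor again after it failed."""

    def __init__(self):
        self._inner = bz2.BZ2Decompressor()

    @property
    def failed(self):
        return self._inner is None

    @property
    def eof(self):
        return self._inner is not None and self._inner.eof

    def decompress(self, data, max_length=-1):
        if self._inner is None:
            raise PoisonedDecompressorError("decompressor failed earlier; create a new one")
        try:
            return self._inner.decompress(data, max_length)
        except OSError:
            # Internal state is no longer trustworthy: drop the object for good.
            self._inner = None
            raise


def decompress_untrusted(chunks):
    """Return (ok, data). Any error rejects the whole stream; nothing is retried."""
    dec = FailClosedBZ2Decompressor()
    out = bytearray()
    try:
        for chunk in chunks:
            out += dec.decompress(chunk)
    except (OSError, EOFError):
        return False, b""
    # A stream that never reached its end marker is truncated: reject it too.
    return (True, bytes(out)) if dec.eof else (False, b"")


# Constructed sample inputs.
PAYLOAD = b"constructed sample payload " * 64
VALID = bz2.compress(PAYLOAD)
GARBAGE = b"not a bzip2 stream"
```

A caller that needs to retry creates a new `FailClosedBZ2Decompressor` and restarts from the beginning of the stream.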

Scoring

EPSS: 0.38% probability of exploitation · percentile 29.2% · 2026-06-19T12:03:05Z
Last modified: 2026-06-10

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-42250
CVE-2026-20911
CVE-2026-24660
CVE-2026-20884
CVE-2026-25260
CVE-2026-25277

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.