CVE-2013-0296
Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.0004 (0.0%)
Percentile: 13.4%
EPSS: 2026-05-06
Affects
zlib:pigzTechnical description
Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring.
Published: 4/27/2014, 9:55:05 PM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://lists.opensuse.org/opensuse-updates/2013-03/msg00106.html
- http://mail.zlib.net/pipermail/pigz-announce_zlib.net/2012-July/000006.html
- http://www.openwall.com/lists/oss-security/2013/02/15/4
- http://www.openwall.com/lists/oss-security/2013/02/16/3
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700608
- http://lists.opensuse.org/opensuse-updates/2013-03/msg00106.html
- http://mail.zlib.net/pipermail/pigz-announce_zlib.net/2012-July/000006.html
- http://www.openwall.com/lists/oss-security/2013/02/15/4