GNU GZip Filename Directory Traversal Vulnerability

GNU GZip Filename Directory Traversal Vulnerability

The gzip utility is prone to a directory-traversal vulnerability. The issue occurs when gunzip is invoked on a malicious archive using the '-N' option.

An archive containing an absolute path for a filename that contains '/' characters can cause the file to be written using the absolute path contained in the filename.

A remote attacker may leverage this issue using a malicious archive to corrupt arbitrary files with the privileges of the user that is running the vulnerable software.