Debian Linux Security Advisory 2112-1 – Mikolaj Izdebski has discovered an integer overflow flaw in the BZ2_decompress function in bzip2/libbz2. An attacker could use a crafted bz2 file to cause a denial of service (application crash) or potentially to execute arbitrary code.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/94058/dsa-2112-1.txt
Source: https://packetstormsecurity.com/files/94058/Debian-Linux-Security-Advisory-2112-1.html