BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. CREATE(Triage): {Link=https://nvd.nist.gov/vuln/detail/CVE-2019-12900 User=admin}