An arbitrary file write vulnerability was found in GNU
gzip's zgrep utility. When zgrep is applied on the
attacker's chosen file name (for example, a crafted
file name), this can overwrite an attacker's content
to an arbitrary attacker-selected file. This flaw
occurs due to insufficient validation when processing
filenames with two or more newlines where selected
content and the target file names are embedded in
crafted multi-line file names. This flaw allows a
remote, low privileged attacker to force zgrep to
write arbitrary files on the system.