91 matches found
CVE-2021-27347
Use after free in lzmadecompressbuf function in stream.c in Irzip 0.631 allows attackers to cause Denial of Service DoS via a crafted compressed file...
PT-2020-6434 · Lrzip +2 · Lrzip +2
Name of the Vulnerable Software and Affected Versions: Lrzip version 0.631 Description: The issue is related to a use after free in the lzma decompress buf function in stream.c, which can be exploited by attackers to cause a Denial of Service DoS via a crafted compressed file. This can allow a...
PT-2020-6423 · Lrzip +3 · Lrzip +3
Name of the Vulnerable Software and Affected Versions: Lrzip version 0.621 Description: A null pointer dereference was discovered in the lzo decompress buf function in stream.c, which allows an attacker to cause a denial of service DOS via a crafted compressed file. This issue can be exploited by...
CVE-2019-15540
The CVE-2019-15540 issue affects libmirage 3.2.2 in CDemu, specifically the CSO filter (filters/filter-cso/filter-stream.c). The root cause is that the part size is not validated, causing a heap-based buffer overflow. This can lead to local privilege escalation to root on Linux. Connected advisor...
Remote Code Execution (RCE)
php is vulnerable to remote code execution RCE attacks. The vulnerability exists through a format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information memory contents and possibly execute arbitrary cod...
CVE-2018-11496
In Long Range Zip aka lrzip 0.631, there is a use-after-free in readstream in stream.c, because decompressfile in lrzip.c lacks certain size validation...
Design/Logic Flaw
In Long Range Zip aka lrzip 0.631, there is a use-after-free in readstream in stream.c, because decompressfile in lrzip.c lacks certain size validation...
CVE-2018-11496
In Long Range Zip aka lrzip 0.631, there is a use-after-free in readstream in stream.c, because decompressfile in lrzip.c lacks certain size validation...
CVE-2018-10685
In Long Range Zip aka lrzip 0.631, there is a use-after-free in the lzmadecompressbuf function of stream.c, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact...
CVE-2018-10685
In Long Range Zip aka lrzip 0.631, there is a use-after-free in the lzmadecompressbuf function of stream.c, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact...
Long Range Zip ucompthread function memory misreference vulnerability
Long Range Zip also known as lrzip is a compression utility that specializes in compressing large files. A post-release reuse vulnerability exists in the ucompthread function in stream.c in Long Range Zip 0.631. A remote attacker can exploit this vulnerability via a specially crafted lrz file to...
CVE-2018-5747
In Long Range Zip aka lrzip 0.631, there is a use-after-free in the ucompthread function stream.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file...
PT-2018-17121 · Lrzip +1 · Long Range Zip +1
Name of the Vulnerable Software and Affected Versions: Long Range Zip aka lrzip version 0.631 Description: The issue is related to a use-after-free in the ucompthread function, located in stream.c. This could allow remote attackers to cause a denial of service by providing a crafted lrz file...
lrzip denial of service vulnerability (CNVD-2017-07523)
lrzip Long Range ZIP is an open source compression utility for large files. A denial of service vulnerability exists in the 'readstream' function of the stream.c file in liblrzip.so in version 0.631 of lrzip. A remote attacker can exploit this vulnerability to cause a denial of service reuse afte...
UBUNTU-CVE-2017-8846
The readstream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service use-after-free and application crash via a crafted archive...
CVE-2017-8844
The read1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted archive...
CVE-2017-8843
The joinpthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted archive...
DEBIAN-CVE-2017-8846
The readstream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service use-after-free and application crash via a crafted archive...
CVE-2017-8846
The readstream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service use-after-free and application crash via a crafted archive...
CVE-2017-8843
CVE-2017-8843 affects lrzip 0.631; the join_pthread function in stream.c (liblrzip.so) can be triggered by processing a crafted archive, causing a NULL pointer dereference and application crash (remote DoS). Remediation: upgrade to lrzip 0.631_p20190619 or newer (per Gentoo GLSA 202005-01 / DLA a...