Lucene search
K

91 matches found

Cvelist
Cvelist
added 2021/06/10 3:37 p.m.31 views

CVE-2021-27347

Use after free in lzmadecompressbuf function in stream.c in Irzip 0.631 allows attackers to cause Denial of Service DoS via a crafted compressed file...

6.2AI score0.00716EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2020/09/04 12:0 a.m.6 views

PT-2020-6434 · Lrzip +2 · Lrzip +2

Name of the Vulnerable Software and Affected Versions: Lrzip version 0.631 Description: The issue is related to a use after free in the lzma decompress buf function in stream.c, which can be exploited by attackers to cause a Denial of Service DoS via a crafted compressed file. This can allow a...

9.8CVSS7.2AI score0.01897EPSS
Exploits6References40
Positive Technologies
Positive Technologies
added 2020/08/26 12:0 a.m.2 views

PT-2020-6423 · Lrzip +3 · Lrzip +3

Name of the Vulnerable Software and Affected Versions: Lrzip version 0.621 Description: A null pointer dereference was discovered in the lzo decompress buf function in stream.c, which allows an attacker to cause a denial of service DOS via a crafted compressed file. This issue can be exploited by...

9.8CVSS7.2AI score0.01897EPSS
Exploits6References43
CVE
CVE
added 2019/08/25 4:43 p.m.214 views

CVE-2019-15540

The CVE-2019-15540 issue affects libmirage 3.2.2 in CDemu, specifically the CSO filter (filters/filter-cso/filter-stream.c). The root cause is that the part size is not validated, causing a heap-based buffer overflow. This can lead to local privilege escalation to root on Linux. Connected advisor...

7.8CVSS7.5AI score0.00598EPSS
Exploits1References6Affected Software1
Veracode
Veracode
added 2019/01/15 8:53 a.m.33 views

Remote Code Execution (RCE)

php is vulnerable to remote code execution RCE attacks. The vulnerability exists through a format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information memory contents and possibly execute arbitrary cod...

6.8CVSS7.1AI score0.12652EPSS
Exploits2References15Affected Software2
UbuntuCve
UbuntuCve
added 2018/05/26 8:29 p.m.22 views

CVE-2018-11496

In Long Range Zip aka lrzip 0.631, there is a use-after-free in readstream in stream.c, because decompressfile in lrzip.c lacks certain size validation...

6.5CVSS6.9AI score0.01344EPSS
Exploits1References6
Prion
Prion
added 2018/05/26 8:29 p.m.18 views

Design/Logic Flaw

In Long Range Zip aka lrzip 0.631, there is a use-after-free in readstream in stream.c, because decompressfile in lrzip.c lacks certain size validation...

4.3CVSS7AI score0.01344EPSS
Exploits1References2Affected Software2
Cvelist
Cvelist
added 2018/05/26 8:0 p.m.21 views

CVE-2018-11496

In Long Range Zip aka lrzip 0.631, there is a use-after-free in readstream in stream.c, because decompressfile in lrzip.c lacks certain size validation...

6.9AI score0.01344EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2018/05/02 10:29 p.m.35 views

CVE-2018-10685

In Long Range Zip aka lrzip 0.631, there is a use-after-free in the lzmadecompressbuf function of stream.c, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact...

9.8CVSS7.2AI score0.02485EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2018/05/02 10:0 p.m.35 views

CVE-2018-10685

In Long Range Zip aka lrzip 0.631, there is a use-after-free in the lzmadecompressbuf function of stream.c, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact...

9.8CVSS9.9AI score0.02485EPSS
Exploits1
CNVD
CNVD
added 2018/01/18 12:0 a.m.1 views

Long Range Zip ucompthread function memory misreference vulnerability

Long Range Zip also known as lrzip is a compression utility that specializes in compressing large files. A post-release reuse vulnerability exists in the ucompthread function in stream.c in Long Range Zip 0.631. A remote attacker can exploit this vulnerability via a specially crafted lrz file to...

5.5CVSS6.9AI score0.01275EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2018/01/17 7:29 p.m.22 views

CVE-2018-5747

In Long Range Zip aka lrzip 0.631, there is a use-after-free in the ucompthread function stream.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file...

5.5CVSS6.8AI score0.01275EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2018/01/17 12:0 a.m.3 views

PT-2018-17121 · Lrzip +1 · Long Range Zip +1

Name of the Vulnerable Software and Affected Versions: Long Range Zip aka lrzip version 0.631 Description: The issue is related to a use-after-free in the ucompthread function, located in stream.c. This could allow remote attackers to cause a denial of service by providing a crafted lrz file...

9.8CVSS5.8AI score0.02485EPSS
Exploits6References45
CNVD
CNVD
added 2017/05/10 12:0 a.m.4 views

lrzip denial of service vulnerability (CNVD-2017-07523)

lrzip Long Range ZIP is an open source compression utility for large files. A denial of service vulnerability exists in the 'readstream' function of the stream.c file in liblrzip.so in version 0.631 of lrzip. A remote attacker can exploit this vulnerability to cause a denial of service reuse afte...

5.5CVSS6.8AI score0.01572EPSS
Exploits0References1
OSV
OSV
added 2017/05/08 2:29 p.m.7 views

UBUNTU-CVE-2017-8846

The readstream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service use-after-free and application crash via a crafted archive...

5.5CVSS6.8AI score0.01572EPSS
Exploits0References5
NVD
NVD
added 2017/05/08 2:29 p.m.17 views

CVE-2017-8844

The read1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted archive...

7.8CVSS8.2AI score0.01597EPSS
Exploits0References4
NVD
NVD
added 2017/05/08 2:29 p.m.18 views

CVE-2017-8843

The joinpthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted archive...

5.5CVSS5.5AI score0.01383EPSS
Exploits0References3
OSV
OSV
added 2017/05/08 2:29 p.m.1 views

DEBIAN-CVE-2017-8846

The readstream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service use-after-free and application crash via a crafted archive...

5.5CVSS6.7AI score0.01572EPSS
Exploits0References1
OSV
OSV
added 2017/05/08 2:29 p.m.19 views

CVE-2017-8846

The readstream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service use-after-free and application crash via a crafted archive...

5.5CVSS6.6AI score
Exploits0References4
CVE
CVE
added 2017/05/08 2:0 p.m.64 views

CVE-2017-8843

CVE-2017-8843 affects lrzip 0.631; the join_pthread function in stream.c (liblrzip.so) can be triggered by processing a crafted archive, causing a NULL pointer dereference and application crash (remote DoS). Remediation: upgrade to lrzip 0.631_p20190619 or newer (per Gentoo GLSA 202005-01 / DLA a...

5.5CVSS5.7AI score0.01383EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder