3 matches found
CVE-2025-15570
Summary (CVE-2025-15570): Affects ckolivas lrzip up to 0.651. The vulnerability is in the function lzma_decompress_buf of stream.c, where manipulation leads to a use-after-free. Local attack required. The exploit has been publicly released and could be used. The project was informed via an issue ...
CVE-2025-9396
CVE-2025-9396 affects lrzip up to version 0.651 (ckolivas). The vulnerability targets __GI_____strtol_l_internal in strtol_l.c, where input manipulation can cause a null pointer dereference. Exploitation requires local access; public exploits exist. No vendor patch/version is provided in the avai...
CVE-2025-15571
Affected software : lrzip by ckolivas, up to version 0.651. Vulnerable component and root cause : within the file stream.c, function ucompthread, leading to a null pointer dereference. Impact and exploitability : local attacker access required; exploitation publicly disclosed. Status and monitori...