Long Range Zip Project: Long Range Zip

23 matches found

CVE | added 2022/03/28 9:52 p.m. | 137 views

CVE-2022-26291

CVE-2022-26291 affects lrzip, where a concurrency use-after-free between zpaq_decompress_buf() and clear_rulist() can cause a Denial of Service via a crafted lrz file. The issue is confirmed in Debian/Ubuntu advisories: fixed in lrzip 0.641-1+deb11u1 (Bullseye) and related backports, with earlier...

CVSS 5.5 | AI score 5.4 | EPSS 0.00853

CVE | added 2021/06/10 3:37 p.m. | 119 views

CVE-2021-27347

CVE-2021-27347 affects lrzip 0.631 (Irzip) with a use-after-free in lzma_decompress_buf in stream.c, enabling DoS via a crafted compressed file. Debian and Ubuntu advisories indicate fixed packages: oldstable (buster) 0.631+git180528-1+deb10u1; stable (bullseye) 0.641-1+deb11u1. Other related CVE...

CVSS 5.5 | AI score 5.7 | EPSS 0.00716

CVE | added 2021/06/10 3:45 p.m. | 104 views

CVE-2021-27345

CVE-2021-27345 relates to lrzip (Irzip) 0.631, where a null pointer dereference in ucompthread() in stream.c can cause a denial of service via a crafted ZIP file. The vulnerability affects lrzip packages across multiple distros; fixed versions are provided in Debian security advisories (e.g., DSA...

CVSS 5.5 | AI score 5.2 | EPSS 0.00713

CVE | added 2021/06/10 3:41 p.m. | 91 views

CVE-2020-25467

CVE-2020-25467 affects lrzip’s internals: a null pointer dereference in lzo_decompress_buf (stream.c) of Irzip 0.621 can cause a denial of service via a crafted compressed file. Connected sources confirm multiple vendor advisories and patches across distributions (e.g., Debian DSA-5145-1 and DLA-...

CVSS 5.5 | AI score 5.2 | EPSS 0.00929

CVE | added 2017/05/08 2:0 p.m. | 84 views

CVE-2017-8844

The CVE-2017-8844 issue affects lrzip 0.631 where the read_1g function in stream.c inside liblrzip.so can be exploited by a crafted archive to cause a heap-based buffer overflow, potentially triggering a denial of service or other impact. Public advisories (Debian DLA-2725-1, Ubuntu USN-5171-1/2,...

CVSS 7.8 | AI score 8.1 | EPSS 0.01597

CVE | added 2017/05/08 2:0 p.m. | 83 views

CVE-2017-8846

CVE-2017-8846 affects lrzip 0.631. The read_stream function in lrzip’s lrzip/liblrzip.so has a use-after-free vulnerability that can cause a denial of service via a crafted archive. Public references (Debian/Ubuntu advisories and Gentoo GLSA) confirm the issue and track fixes. Remediation involve...

CVSS 5.5 | AI score 5.8 | EPSS 0.01572

CVE | added 2018/01/19 8:0 a.m. | 83 views

CVE-2018-5786

CVE-2018-5786 affects Long Range ZIP (lrzip). The flaw is in lrzip 0.631’s get_fileinfo routine, which can enter an infinite loop when processing a crafted lrz file, leading to denial of service via remote input. Public advisories confirm impact across lrzip deployments and list patched versions:...

CVSS 5.5 | AI score 5.8 | EPSS 0.01327

CVE | added 2018/05/26 8:0 p.m. | 76 views

CVE-2018-11496

CVE-2018-11496 affects lrzip 0.631, where a use-after-free occurs in read_stream due to missing size validation in decompress_file; Debian DLA-2725-1 fixes this in lrzip 0.631-1+deb9u1, and Ubuntu advisories USN-5171-1/2 indicate fixes for lrzip as part of the security updates. Remediation: upgra...

CVSS 6.5 | AI score 6.7 | EPSS 0.01344

CVE | added 2017/06/26 7:0 a.m. | 73 views

CVE-2017-9929

lrzip 0.631 is affected by a stack-based buffer overflow in get_fileinfo (CVE-2017-9929), enabling DoS via crafted files. Debian/Ubuntu advisories (DLA-2725-1, USN-5171-1/2) indicate fixes in updated packages and list related CVEs (CVE-2017-8844, -8846, -9928, -9929, -2018-5650, -2018-5747, -2018...

CVSS 5.5 | AI score 6 | EPSS 0.01045

CVE | added 2018/01/17 7:0 p.m. | 71 views

CVE-2018-5747

CVE-2018-5747 is a use-after-free in lrzip 0.631 (Long Range ZIP) within ucompthread (stream.c) that could allow a remote attacker to cause a denial of service via a crafted lrz file. Affected product is lrzip; root cause is use-after-free in the decoding/stream path. Debian DLA-2725 fixes this i...

CVSS 5.5 | AI score 5.8 | EPSS 0.01275

CVE | added 2018/05/02 10:0 p.m. | 70 views

CVE-2018-10685

CVE-2018-10685 affects lrzip 0.631: a use-after-free in lzma_decompress_buf (stream.c) allows a remote attacker to crash the application or cause unspecified impact (DoS). Debian DLA-2725-1/NASL and Ubuntu USN-5171 advisories show 0.631 is fixed by package updates (e.g., 0.631-1+deb9u1 for Debian...

CVSS 9.8 | AI score 8.8 | EPSS 0.02485

CVE | added 2017/06/26 7:0 a.m. | 68 views

CVE-2017-9928

CVE-2017-9928 affects lrzip 0.631, where a stack buffer overflow in lrzip.c:get_fileinfo (line 979) can cause a denial of service via a crafted file. Multiple connected advisories confirm vulnerability in lrzip and list affected releases and fixes: Debian 9 stretch fixed in 0.631-1+deb9u1; Ubuntu...

CVSS 5.5 | AI score 6 | EPSS 0.01008

CVE | added 2017/05/08 2:0 p.m. | 66 views

CVE-2017-8845

CVE-2017-8845 affects lrzip (lrzip 0.631) via the lzo1x_d.ch code path in LZO 2.08, where lzo1x_decompress can trigger an invalid memory read and crash when processing a crafted archive. Connected docs confirm the vulnerability is remote-executable in a 0.631 deployment and ties to the same lzo1x...

CVSS 5.5 | AI score 5.3 | EPSS 0.01364

CVE | added 2022/07/26 12:36 p.m. | 66 views

CVE-2021-33453

CVE-2021-33453 affects lrzip version 0.641, with a use-after-free in ucompthread() in stream.c:1538. The vulnerability is described across multiple sources, with impact ratings in the NVD CVSSv3.1 vector (Local access, User interaction required, Confidentiality/Integrity/Availability impact High)...

CVSS 7.8 | AI score 7.6 | EPSS 0.00341

CVE | added 2022/06/22 1:24 p.m. | 65 views

CVE-2022-33067

CVE-2022-33067 affects lrzip v0.651, where multiple invalid arithmetic shifts in lrzip.c:get_magic and libzpaq/libzpaq.cpp:Predictor::init can lead to a Denial of Service. The Red Hat/NVD/CNVD entries confirm the vulnerability but do not provide concrete exploit details, affected versions beyond ...

CVSS 5.5 | AI score 5.5 | EPSS 0.00584

CVE | added 2017/05/08 2:0 p.m. | 64 views

CVE-2017-8843

CVE-2017-8843 affects lrzip 0.631; the join_pthread function in stream.c (liblrzip.so) can be triggered by processing a crafted archive, causing a NULL pointer dereference and application crash (remote DoS). Remediation: upgrade to lrzip 0.631_p20190619 or newer (per Gentoo GLSA 202005-01 / DLA a...

CVSS 5.5 | AI score 5.7 | EPSS 0.01383

CVE | added 2017/05/08 2:0 p.m. | 63 views

CVE-2017-8847

CVE-2017-8847 affects lrzip 0.631 where the bufRead::get() function in libzpaq/libzpaq.h within liblrzip.so can dereference a NULL pointer when processing a crafted archive, enabling a denial of service (application crash). Public advisories consistently identify this vulnerability in Long Range ...

CVSS 5.5 | AI score 5.7 | EPSS 0.01383

CVE | added 2018/01/12 10:0 p.m. | 63 views

CVE-2018-5650

CVE-2018-5650 affects Long Range ZIP (lrzip) 0.631, where an infinite loop in unzip_match in runzip.c can cause a denial of service via a crafted .lrz file. Exploitation is described as remote: an attacker could trigger the loop by supplying a malicious lrz file, leading to application hang or cra...

CVSS 5.5 | AI score 5.8 | EPSS 0.01172

CVE | added 2017/05/08 2:0 p.m. | 62 views

CVE-2017-8842

CVE-2017-8842 affects lrzip (Long Range ZIP), specifically the liblrzip/libzpaq.h path in lrzip 0.631. The root cause is the bufRead::get() function, which can be triggered by a crafted archive to cause a denial of service via a divide-by-zero error, leading to an application crash. Exploitation ...

CVSS 5.5 | AI score 5.7 | EPSS 0.0158

CVE | added 2022/07/26 12:36 p.m. | 62 views

CVE-2021-33451

CVE-2021-33451 affects lrzip 0.641. Connected records confirm a vulnerability due to memory leaks in fill_buffer() in stream.c, with no explicit exploitation details provided in the sources. Impact is described in terms of memory leaks; no patch or remediation is specified in the supplied documen...

CVSS 5.5 | AI score 5.5 | EPSS 0.00304

CVE | added 2018/03/27 9:0 p.m. | 58 views

CVE-2018-9058

CVE-2018-9058 affects Long Range ZIP (lrzip) 0.631. The NVD description cites an infinite loop in runzip_fd (runzip.c) triggered by a crafted lrz file, enabling denial of service. Related advisories (USN-5171-1/2; Debian/OpenVAS entries) group this with additional lrzip flaws and provide remediat...

CVSS 5.5 | AI score 5.8 | EPSS 0.0117

CVE | added 2019/03/30 2:36 p.m. | 57 views

CVE-2019-10654

The CVE-2019-10654 issue concerns Long Range ZIP (lrzip) 0.631 using liblzo2.so.2 (LZO 2.10). The vulnerable component is lzo1x_decompress; a crafted archive can trigger an invalid memory read leading to denial of service (application crash). This is tied to the same lrzip vulnerability family as...

CVSS 5.5 | AI score 5.2 | EPSS 0.01184

CVE | added 2023/08/17 12:0 a.m. | 47 views

CVE-2023-39741

The CVE-2023-39741 vulnerability affects lrzip v0.651, where a heap overflow in libzpaq::PostProcessor::write(int) can be triggered by a crafted file to cause a Denial of Service. The available connected documents confirm the root cause in /libzpaq/libzpaq.cpp and consistently describe DoS impact...

CVSS 5.5 | AI score 5.4 | EPSS 0.00319