23 matches found
CVE-2022-26291
CVE-2022-26291 affects lrzip, where a concurrency use-after-free between zpaq_decompress_buf() and clear_rulist() can cause a Denial of Service via a crafted lrz file. The issue is confirmed in Debian/Ubuntu advisories: fixed in lrzip 0.641-1+deb11u1 (Bullseye) and related backports, with earlier...
CVE-2021-27347
CVE-2021-27347 affects lrzip 0.631 (Irzip) with a use-after-free in lzma_decompress_buf in stream.c, enabling DoS via a crafted compressed file. Debian and Ubuntu advisories indicate fixed packages: oldstable (buster) 0.631+git180528-1+deb10u1; stable (bullseye) 0.641-1+deb11u1. Other related CVE...
CVE-2021-27345
CVE-2021-27345 relates to lrzip (Irzip) 0.631, where a null pointer dereference in ucompthread() in stream.c can cause a denial of service via a crafted ZIP file. The vulnerability affects lrzip packages across multiple distros; fixed versions are provided in Debian security advisories (e.g., DSA...
CVE-2020-25467
CVE-2020-25467 affects lrzip’s internals: a null pointer dereference in lzo_decompress_buf (stream.c) of Irzip 0.621 can cause a denial of service via a crafted compressed file. Connected sources confirm multiple vendor advisories and patches across distributions (e.g., Debian DSA-5145-1 and DLA-...
CVE-2017-8844
The CVE-2017-8844 issue affects lrzip 0.631 where the read_1g function in stream.c inside liblrzip.so can be exploited by a crafted archive to cause a heap-based buffer overflow, potentially triggering a denial of service or other impact. Public advisories (Debian DLA-2725-1, Ubuntu USN-5171-1/2,...
CVE-2017-8846
CVE-2017-8846 affects lrzip 0.631. The read_stream function in lrzip’s lrzip/liblrzip.so has a use-after-free vulnerability that can cause a denial of service via a crafted archive. Public references (Debian/Ubuntu advisories and Gentoo GLSA) confirm the issue and track fixes. Remediation involve...
CVE-2018-5786
CVE-2018-5786 affects Long Range ZIP (lrzip). The flaw is in lrzip 0.631’s get_fileinfo routine, which can enter an infinite loop when processing a crafted lrz file, leading to denial of service via remote input. Public advisories confirm impact across lrzip deployments and list patched versions:...
CVE-2018-11496
CVE-2018-11496 affects lrzip 0.631, where a use-after-free occurs in read_stream due to missing size validation in decompress_file; Debian DLA-2725-1 fixes this in lrzip 0.631-1+deb9u1, and Ubuntu advisories USN-5171-1/2 indicate fixes for lrzip as part of the security updates. Remediation: upgra...
CVE-2017-9929
lrzip 0.631 is affected by a stack-based buffer overflow in get_fileinfo (CVE-2017-9929), enabling DoS via crafted files. Debian/Ubuntu advisories (DLA-2725-1, USN-5171-1/2) indicate fixes in updated packages and list related CVEs (CVE-2017-8844, -8846, -9928, -9929, -2018-5650, -2018-5747, -2018...
CVE-2018-5747
CVE-2018-5747 is a use-after-free in lrzip 0.631 (Long Range ZIP) within ucompthread (stream.c) that could allow a remote attacker to cause a denial of service via a crafted lrz file. Affected product is lrzip; root cause is use-after-free in the decoding/stream path. Debian DLA-2725 fixes this i...
CVE-2018-10685
CVE-2018-10685 affects lrzip 0.631: a use-after-free in lzma_decompress_buf (stream.c) allows a remote attacker to crash the application or cause unspecified impact (DoS). Debian DLA-2725-1/NASL and Ubuntu USN-5171 advisories show 0.631 is fixed by package updates (e.g., 0.631-1+deb9u1 for Debian...
CVE-2017-9928
CVE-2017-9928 affects lrzip 0.631, where a stack buffer overflow in lrzip.c:get_fileinfo (line 979) can cause a denial of service via a crafted file. Multiple connected advisories confirm vulnerability in lrzip and list affected releases and fixes: Debian 9 stretch fixed in 0.631-1+deb9u1; Ubuntu...
CVE-2021-33453
CVE-2021-33453 affects lrzip version 0.641, with a use-after-free in ucompthread() in stream.c:1538. The vulnerability is described across multiple sources, with impact ratings in the NVD CVSSv3.1 vector (Local access, User interaction required, Confidentiality/Integrity/Availability impact High)...
CVE-2017-8845
CVE-2017-8845 affects lrzip (lrzip 0.631) via the lzo1x_d.ch code path in LZO 2.08, where lzo1x_decompress can trigger an invalid memory read and crash when processing a crafted archive. Connected docs confirm the vulnerability is remote-executable in a 0.631 deployment and ties to the same lzo1x...
CVE-2022-33067
CVE-2022-33067 affects lrzip v0.651, where multiple invalid arithmetic shifts in lrzip.c:get_magic and libzpaq/libzpaq.cpp:Predictor::init can lead to a Denial of Service. The Red Hat/NVD/CNVD entries confirm the vulnerability but do not provide concrete exploit details, affected versions beyond ...
CVE-2017-8843
CVE-2017-8843 affects lrzip 0.631; the join_pthread function in stream.c (liblrzip.so) can be triggered by processing a crafted archive, causing a NULL pointer dereference and application crash (remote DoS). Remediation: upgrade to lrzip 0.631_p20190619 or newer (per Gentoo GLSA 202005-01 / DLA a...
CVE-2017-8847
CVE-2017-8847 affects lrzip 0.631 where the bufRead::get() function in libzpaq/libzpaq.h within liblrzip.so can dereference a NULL pointer when processing a crafted archive, enabling a denial of service (application crash). Public advisories consistently identify this vulnerability in Long Range ...
CVE-2018-5650
CVE-2018-5650 affects Long Range ZIP (lrzip) 0.631, where an infinite loop in unzip_match in runzip.c can cause a denial of service via a crafted .lrz file. Exploitation is described as remote: an attacker could trigger the loop by supplying a malicious lrz file, leading to application hang or cra...
CVE-2017-8842
CVE-2017-8842 affects lrzip (Long Range ZIP), specifically the liblrzip/libzpaq.h path in lrzip 0.631. The root cause is the bufRead::get() function, which can be triggered by a crafted archive to cause a denial of service via a divide-by-zero error, leading to an application crash. Exploitation ...
CVE-2021-33451
CVE-2021-33451 affects lrzip 0.641. Connected records confirm a vulnerability due to memory leaks in fill_buffer() in stream.c, with no explicit exploitation details provided in the sources. Impact is described in terms of memory leaks; no patch or remediation is specified in the supplied documen...
CVE-2018-9058
CVE-2018-9058 affects Long Range ZIP (lrzip) 0.631. The NVD description cites an infinite loop in runzip_fd (runzip.c) triggered by a crafted lrz file, enabling denial of service. Related advisories (USN-5171-1/2; Debian/OpenVAS entries) group this with additional lrzip flaws and provide remediat...
CVE-2019-10654
The CVE-2019-10654 issue concerns Long Range ZIP (lrzip) 0.631 using liblzo2.so.2 (LZO 2.10). The vulnerable component is lzo1x_decompress; a crafted archive can trigger an invalid memory read leading to denial of service (application crash). This is tied to the same lrzip vulnerability family as...
CVE-2023-39741
The CVE-2023-39741 vulnerability affects lrzip v0.651, where a heap overflow in libzpaq::PostProcessor::write(int) can be triggered by a crafted file to cause a Denial of Service. The available connected documents confirm the root cause in /libzpaq/libzpaq.cpp and consistently describe DoS impact...