EPSS Percentile: 54.8%
lrzip is vulnerable to denial of service. The get_fileinfo function in lrzip.c can enter an infinite loop and hang the application, which allows a remote attacker to cause a denial of service via a crafted lrz file.
github.com/ckolivas/lrzip/issues/91
lists.debian.org/debian-lts-announce/2021/08/msg00001.html
lists.debian.org/debian-lts-announce/2022/04/msg00012.html
security-tracker.debian.org/tracker/CVE-2018-5786
www.debian.org/security/2022/dsa-5145