Source: lrzip
Version: 0.651-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/ckolivas/lrzip/issues/263
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for lrzip.

CVE-2025-15571[0]:
| A security vulnerability has been detected in ckolivas lrzip up to
| 0.651. This vulnerability affects the function ucompthread of the
| file stream.c. Such manipulation leads to null pointer dereference.
| The attack can only be performed from a local environment. The
| exploit has been disclosed publicly and may be used. The project was
| informed of the problem early through an issue report but has not
| responded yet.

Note, it is said to be fixed in latest git, but no commit provided, cf. [2], so needs to be pinpointed.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-15571
    https://www.cve.org/CVERecord?id=CVE-2025-15571
[1] https://github.com/ckolivas/lrzip/issues/263
[2] https://github.com/ckolivas/lrzip/issues/263#issuecomment-3894132137

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

