Published: 30 April 2017
The read_buf function in stream.c in rzip 2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive.
From the Ubuntu security team
Agostino Sarubbo discovered that rzip has a heap-based buffer overflow vulnerability. An attacker could use this issue to cause a DoS or possibly execute arbitrary code.
CVSS 3 base score: 7.8
|Ubuntu 18.04 LTS (Bionic Beaver)||
|Ubuntu 16.04 ESM (Xenial Xerus)||
|Ubuntu 14.04 ESM (Trusty Tahr)|Does not exist (trusty was released [2.1-2ubuntu0.14.04.1])|