Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 25 results


CVE-2023-39743

Low priority
Needs evaluation

lrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3_decode_block src/libbz3.c.

1 affected packages

lrzip

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lrzip Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-39741

Medium priority
Needs evaluation

lrzip v0.651 was discovered to contain a heap overflow via the libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.

1 affected packages

lrzip

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lrzip Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-33453

Medium priority
Needs evaluation

An issue was discovered in lrzip version 0.641. There is a use-after-free in ucompthread() in stream.c:1538.

1 affected packages

lrzip

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lrzip Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-33451

Medium priority
Needs evaluation

An issue was discovered in lrzip version 0.641. There are memory leaks in fill_buffer() in stream.c.

1 affected packages

lrzip

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lrzip Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-33067

Medium priority
Needs evaluation

Lrzip v0.651 was discovered to contain multiple invalid arithmetic shifts via the functions get_magic in lrzip.c and Predictor::init in libzpaq/libzpaq.cpp. These vulnerabilities allow attackers to cause a Denial of Service via...

2 affected packages

lrzip, zpaq

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lrzip Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
zpaq Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-28044

Medium priority

Some fixes available 6 of 7

Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control.

1 affected packages

lrzip

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lrzip Fixed Fixed Fixed Fixed
Show less packages

CVE-2022-26291

Medium priority

Some fixes available 3 of 4

lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted Irz file.

1 affected packages

lrzip

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lrzip Not affected Fixed Fixed Fixed
Show less packages

CVE-2021-27347

Medium priority

Some fixes available 2 of 6

Use after free in lzma_decompress_buf function in stream.c in Irzip 0.631 allows attackers to cause Denial of Service (DoS) via a crafted compressed file.

1 affected packages

lrzip

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lrzip Not affected Not affected Fixed Fixed Not affected
Show less packages

CVE-2021-27345

Low priority

Some fixes available 2 of 6

A null pointer dereference was discovered in ucompthread in stream.c in Irzip 0.631 which allows attackers to cause a denial of service (DOS) via a crafted compressed file.

1 affected packages

lrzip

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lrzip Not affected Not affected Fixed Fixed Not affected
Show less packages

CVE-2020-25467

Low priority

Some fixes available 4 of 10

A null pointer dereference was discovered lzo_decompress_buf in stream.c in Irzip 0.621 which allows an attacker to cause a denial of service (DOS) via a crafted compressed file.

1 affected packages

lrzip

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
lrzip Needs evaluation Not affected Fixed Fixed Fixed
Show less packages