Long Range Zip Project Long Range Zip — known CVE vulnerabilities
Every CVE whose affected-product data names Long Range Zip Project Long Range Zip, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2018-10685 — CVSS 9.8 (critical): In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the lzma_decompress_buf function of stream.c, which allows remote…
CVE-2021-33453 — CVSS 7.8 (high): An issue was discovered in lrzip version 0.641. There is a use-after-free in ucompthread() in stream.c:1538.
CVE-2017-8844 — CVSS 7.8 (high): The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer…
CVE-2018-11496 — CVSS 6.5 (medium): In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain…
CVE-2017-8847 — CVSS 5.5 (medium): The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL…
CVE-2017-9928 — CVSS 5.5 (medium): In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of…
CVE-2017-9929 — CVSS 5.5 (medium): In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of…
CVE-2018-5650 — CVSS 5.5 (medium): In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the unzip_match function in runzip.c. Remote…
CVE-2018-5747 — CVSS 5.5 (medium): In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c). Remote attackers could leverage this…
CVE-2018-5786 — CVSS 5.5 (medium): In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the get_fileinfo function (lrzip.c). Remote…
CVE-2018-9058 — CVSS 5.5 (medium): In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in the runzip_fd function of runzip.c. Remote attackers could leverage this…
CVE-2019-10654 — CVSS 5.5 (medium): The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as used in Long Range Zip (aka lrzip) 0.631, allows remote attackers to cause a…
CVE-2020-25467 — CVSS 5.5 (medium): A null pointer dereference was discovered lzo_decompress_buf in stream.c in Irzip 0.621 which allows an attacker to cause a denial of…
CVE-2021-27345 — CVSS 5.5 (medium): A null pointer dereference was discovered in ucompthread in stream.c in Irzip 0.631 which allows attackers to cause a denial of service…
CVE-2021-27347 — CVSS 5.5 (medium): Use after free in lzma_decompress_buf function in stream.c in Irzip 0.631 allows attackers to cause Denial of Service (DoS) via a crafted…
CVE-2021-33451 — CVSS 5.5 (medium): An issue was discovered in lrzip version 0.641. There are memory leaks in fill_buffer() in stream.c.
CVE-2022-26291 — CVSS 5.5 (medium): lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and…
CVE-2022-33067 — CVSS 5.5 (medium): Lrzip v0.651 was discovered to contain multiple invalid arithmetic shifts via the functions get_magic in lrzip.c and Predictor::init in…
CVE-2017-8842 — CVSS 5.5 (medium): The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service…
CVE-2023-39741 — CVSS 5.5 (medium): lrzip v0.651 was discovered to contain a heap overflow via the libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp. This…
CVE-2017-8843 — CVSS 5.5 (medium): The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer…
CVE-2017-8845 — CVSS 5.5 (medium): The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service…
CVE-2017-8846 — CVSS 5.5 (medium): The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and…