Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

lrzip

Source -

NVDCNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

1
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2025-15571
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.01% / 1.88%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 14:32
Updated-10 Feb, 2026 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ckolivas lrzip stream.c ucompthread null pointer dereference

A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-ckolivas
Product-lrzip
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-15570
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.01% / 0.23%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 13:02
Updated-10 Feb, 2026 | 15:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ckolivas lrzip stream.c lzma_decompress_buf use after free

A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-ckolivas
Product-lrzip
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-416
Use After Free
CVE-2025-9396
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.03% / 8.22%
||
7 Day CHG~0.00%
Published-24 Aug, 2025 | 22:32
Updated-12 Sep, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ckolivas lrzip strtol_l.c __GI_____strtol_l_internal null pointer dereference

A security flaw has been discovered in ckolivas lrzip up to 0.651. This impacts the function __GI_____strtol_l_internal of the file strtol_l.c. Performing manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be exploited.

Action-Not Available
Vendor-ckolivasckolivas
Product-lrziplrzip
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference