Primary

Context

ckolivas lrzip Null Pointer Dereference Vulnerability in Stream.c ucompthread Function

Vulnerability

A null pointer dereference vulnerability has been identified in ckolivas lrzip versions through 0.651. This issue occurs in the ucompthread function within stream.c, where a pointer can be concurrently set to NULL while being accessed, leading to a crash. The vulnerability can be exploited locally, and a proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability causes a segmentation fault due to an invalid memory access, which can disrupt the application's execution and potentially be leveraged in a broader attack context.

Reproduction

The vulnerability can be reproduced by compiling lrzip with AddressSanitizer enabled, which will detect the null pointer dereference. After compiling the application, the issue can be triggered by running lrzip with a specific command that activates the vulnerable ucompthread function. The AddressSanitizer will report the null pointer dereference error, confirming the vulnerability's existence.

Added: Feb 10, 2026, 3:19 PM

Updated: Feb 10, 2026, 3:26 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

4.2

remediation

0.0

relevance

2.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

4.2

remediation

0.0

relevance

2.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ckolivas lrzip Null Pointer Dereference Vulnerability in Stream.c ucompthread Function

Vulnerability

Impact

Reproduction

Affected Products

ckolivas lrzip

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating