ckolivas lrzip
cpe:2.3:a:lrzip_project:lrzip:*:*:*:*:*:*:*
- >= 0.6.5, <= 0.651
A null pointer dereference vulnerability has been identified in Ckolivas Lrzip versions through 0.651. This issue arises in the command line argument parsing, specifically within the 'strtol_l.c' file, in the function '__GI_____strtol_l_internal'. The vulnerability is triggered by malformed input that is not properly validated before being processed, leading to a crash when the program attempts to read from a null memory address. This flaw requires local access to exploit.
Exploitation of this vulnerability causes a null pointer dereference, leading to a segmentation fault and a crash of the application.
The vulnerability can be reproduced by compiling Lrzip with AddressSanitizer enabled, and then executing the program with the '--level -2 -i' option followed by the path to a crafted input file that triggers the null pointer dereference. The application will crash, demonstrating the vulnerability.
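The crash site in the strtol internals means a null string pointer reached the numeric conversion. The following is an added example, not lrzip's own code, of validating a level argument before it is converted. The advisory does not say how the null pointer arises, so the option table (an optional-argument `--level`), the 1 to 9 range, and the function names `parse_level` and `level_from_argv` are assumptions made for illustration.

```c
#include <errno.h>
#include <getopt.h>
#include <stdlib.h>

/* Assumed valid range for a compression level; not taken from the advisory. */
#define LEVEL_MIN 1
#define LEVEL_MAX 9

/* Hypothetical helper: returns 0 and stores the level, or -1 on bad input. */
int parse_level(const char *arg, long *out)
{
    char *end = NULL;
    long v;

    /* strtol(NULL, ...) is undefined behaviour and crashes inside libc. */
    if (arg == NULL || *arg == '\0')
        return -1;
    errno = 0;
    v = strtol(arg, &end, 10);
    if (errno != 0 || end == arg || *end != '\0')
        return -1;              /* overflow, no digits, or trailing junk */
    if (v < LEVEL_MIN || v > LEVEL_MAX)
        return -1;              /* rejects values such as -2 */
    *out = v;
    return 0;
}

/* Hypothetical option table. With optional_argument, getopt_long only
 * fills optarg for "--level=N"; "--level N" leaves optarg NULL. */
int level_from_argv(int argc, char **argv, long *out)
{
    static const struct option opts[] = {
        {"level", optional_argument, NULL, 'L'},
        {NULL, 0, NULL, 0}
    };
    int c, rc = -1;

    optind = 1;                 /* restart scanning for repeated calls */
    opterr = 0;                 /* suppress getopt's own diagnostics */
    while ((c = getopt_long(argc, argv, "L::i", opts, NULL)) != -1) {
        if (c == 'L')
            rc = parse_level(optarg, out);  /* optarg may be NULL here */
    }
    return rc;
}
```
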