Vulnerability Details CVE-2020-25467
A null pointer dereference was discovered lzo_decompress_buf in stream.c in Irzip 0.621 which allows an attacker to cause a denial of service (DOS) via a crafted compressed file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.4%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- https://bugs.launchpad.net/ubuntu/+source/lrzip/+bug/1893641
- https://github.com/ckolivas/lrzip/issues/163
- https://lists.debian.org/debian-lts-announce/2022/04/msg00012.html
- https://bugs.launchpad.net/ubuntu/+source/lrzip/+bug/1893641
- https://github.com/ckolivas/lrzip/issues/163
- https://lists.debian.org/debian-lts-announce/2022/04/msg00012.html
Products affected by CVE-2020-25467
-
cpe:2.3:a:long_range_zip_project:long_range_zip:0.621
-
cpe:2.3:o:debian:debian_linux:9.0