Vulnerabilities > Long Range ZIP Project

DATE CVE VULNERABILITY TITLE RISK
2018-05-02 CVE-2018-10685 Use After Free vulnerability in Long Range ZIP Project Long Range ZIP 0.631
In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the lzma_decompress_buf function of stream.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
network
low complexity
long-range-zip-project CWE-416
critical
9.8
2018-03-27 CVE-2018-9058 Infinite Loop vulnerability in Long Range ZIP Project Long Range ZIP 0.631
In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in the runzip_fd function of runzip.c.
local
low complexity
long-range-zip-project CWE-835
5.5
2018-01-19 CVE-2018-5786 Infinite Loop vulnerability in multiple products
In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the get_fileinfo function (lrzip.c).
local
low complexity
long-range-zip-project debian CWE-835
5.5
2018-01-17 CVE-2018-5747 Use After Free vulnerability in multiple products
In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c).
local
low complexity
long-range-zip-project debian CWE-416
5.5
2018-01-12 CVE-2018-5650 Infinite Loop vulnerability in Long Range ZIP Project Long Range ZIP 0.631
In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the unzip_match function in runzip.c.
local
low complexity
long-range-zip-project CWE-835
5.5
2017-06-26 CVE-2017-9929 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file.
local
low complexity
long-range-zip-project debian CWE-119
5.5
2017-06-26 CVE-2017-9928 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file.
local
low complexity
long-range-zip-project debian CWE-119
5.5
2017-05-08 CVE-2017-8847 NULL Pointer Dereference vulnerability in Long Range ZIP Project Long Range ZIP 0.631
The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive.
local
low complexity
long-range-zip-project CWE-476
5.5
2017-05-08 CVE-2017-8846 Use After Free vulnerability in multiple products
The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive.
local
low complexity
long-range-zip-project debian CWE-416
5.5
2017-05-08 CVE-2017-8845 Out-of-bounds Read vulnerability in Long Range ZIP Project Long Range ZIP 0.631
The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive.
local
low complexity
long-range-zip-project CWE-125
5.5