Vulnerabilities > Long Range ZIP Project > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-01-17 CVE-2018-5747 Use After Free vulnerability in multiple products
In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c).
local
low complexity
long-range-zip-project debian CWE-416
5.5
2018-01-12 CVE-2018-5650 Infinite Loop vulnerability in Long Range ZIP Project Long Range ZIP 0.631
In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the unzip_match function in runzip.c.
4.3
2017-06-26 CVE-2017-9929 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file.
local
low complexity
long-range-zip-project debian CWE-119
5.5
2017-06-26 CVE-2017-9928 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In lrzip 0.631, a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file.
local
low complexity
long-range-zip-project debian CWE-119
5.5
2017-05-08 CVE-2017-8847 NULL Pointer Dereference vulnerability in Long Range ZIP Project Long Range ZIP 0.631
The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive.
local
low complexity
long-range-zip-project CWE-476
5.5
2017-05-08 CVE-2017-8846 Use After Free vulnerability in multiple products
The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive.
local
low complexity
long-range-zip-project debian CWE-416
5.5
2017-05-08 CVE-2017-8845 Out-of-bounds Read vulnerability in Long Range ZIP Project Long Range ZIP 0.631
The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive.
local
low complexity
long-range-zip-project CWE-125
5.5
2017-05-08 CVE-2017-8843 NULL Pointer Dereference vulnerability in Long Range ZIP Project Long Range ZIP 0.631
The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive.
local
low complexity
long-range-zip-project CWE-476
5.5
2017-05-08 CVE-2017-8842 Divide By Zero vulnerability in Long Range ZIP Project Long Range ZIP 0.631
The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted archive.
local
low complexity
long-range-zip-project CWE-369
5.5