CVE-2025-15571

EUVD-2025-207261
A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
VulDBCNA
3.3 LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Debian logo
Debian Releases
Debian Product
Codename
lrzip
bookworm
postponed
bullseye
postponed
bullseye (security)
vulnerable
forky
0.660-1
fixed
sid
0.660-1
fixed
trixie
postponed
Common Weakness Enumeration
References
https://github.com/ckolivas/lrzip/
https://github.com/ckolivas/lrzip/issues/263
https://github.com/user-attachments/files/21726331/PoC_NPD.zip
https://vuldb.com/?ctiid.344931
https://vuldb.com/?id.344931
https://vuldb.com/?submit.752603