CVE-2025-15571

EUVD-2025-207261
A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
ckolivaslrzip
𝑥
≤ 0.651
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
lrzip
bookworm
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
0.660-1
fixed
sid
0.660-1
fixed
trixie
vulnerable
Common Weakness Enumeration
References
https://github.com/ckolivas/lrzip/
https://github.com/ckolivas/lrzip/issues/263
https://github.com/user-attachments/files/21726331/PoC_NPD.zip
https://vuldb.com/?ctiid.344931
https://vuldb.com/?id.344931
https://vuldb.com/?submit.752603