CVE-2025-15571: Improper Resource Shutdown or Release in Lrzip

Severity: 4.8 MEDIUM (NVD)
EPSS: 0.0% (top 93.82%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Feb 10

Description

A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages (3 packages)

Debian: ckolivas/lrzip < 0.660-1
NVD: ckolivas/lrzip 0.651
CVEListV5: ckolivas/lrzip 0.651

🔴 Vulnerability Details (3)

GHSA: GHSA-x954-5gxx-h6v4: A security vulnerability has been detected in ckolivas lrzip up to 0 (2026-02-10)
OSV: CVE-2025-15571: A security vulnerability has been detected in ckolivas lrzip up to 0 (2026-02-10)
CVEList: ckolivas lrzip stream.c ucompthread null pointer dereference (2026-02-10)

📋 Vendor Advisories (1)

Debian: CVE-2025-15571: lrzip - A security vulnerability has been detected in ckolivas lrzip up to 0.651. This v... (2025)

🕵️ Threat Intelligence (1)

Wiz: CVE-2025-15571 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2025-15571 — Improper Resource Shutdown or Release | cvebase