Nixpkgs security tracker

Untriaged

Permalink CVE-2025-15570

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

ckolivas lrzip stream.c lzma_decompress_buf use after free

A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-344926 | ckolivas lrzip stream.c lzma_decompress_buf use after free vdb-entrytechnical-description
VDB-344926 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #752595 | ckolivas lrzip 0.651 Memory Corruption third-party-advisory
https://github.com/ckolivas/lrzip/issues/262 issue-tracking
https://github.com/user-attachments/files/21709004/PoC_UAF.zip exploit
https://github.com/ckolivas/lrzip/ product

Affected products

lrzip

==0.651

Matching in nixpkgs

pkgs.lrzip

CK LRZIP compression program (LZMA + RZIP)

nixos-unstable 0.651
- nixpkgs-unstable 0.651
- nixos-unstable-small 0.651
nixos-25.11 0.651
- nixpkgs-25.11-darwin 0.651

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.lrzip