CVE-2025-15570
Published: October 2, 2026
A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
MEDIUM
CVSS v3: 5.3
CVSS v3: 5.3
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 22.3 | lzma (17.01) | Needs Triage | ||
| 22.2 | lzma (17.01) | Needs Triage | ||
| 22.1 | lzma (17.01) | Needs Triage | ||
| 21.11.1 | lzma (17.01) | Needs Triage | ||
| 21.11 | lzma (17.01) | Needs Triage | ||
| 21.8.1 | lzma (17.01) | Needs Triage | ||
| 21.8 | lzma (17.01) | Needs Triage | ||
| 21.5.1 | lzma (17.01) | Needs Triage | ||
| 21.5.0 | lzma (17.01) | Needs Triage | ||
| 21.2.0 | lzma (17.01) | Needs Triage | ||
| 11.4.20 | lzma (17.01) | Needs Triage | ||
| 11.4.19.3667 | lzma (17.01) | Needs Triage | ||
| 11.4.18.3599 | lzma (17.01) | Needs Triage | ||
| 11.4.17 | lzma (17.01) | Needs Triage | ||
| 11.4.16.3445 | lzma (17.01) | Needs Triage | ||
| 11.4.15.3368 | lzma (17.01) | Needs Triage | ||
| 11.4.14.3263 | lzma (17.01) | Needs Triage | ||
| 11.4.13.3179 | lzma (17.01) | Needs Triage | ||
| 11.4.12.3054 | lzma (17.01) | Needs Triage | ||
| 11.4.11.3040 | lzma (17.01) | Needs Triage | ||
| 11.4.11.2990 | lzma (17.01) | Needs Triage | ||
| 11.4.10.2934 | lzma (17.01) | Needs Triage | ||
| 11.4.9.2878 | lzma (17.01) | Needs Triage | ||
| 11.4.8.2822 | lzma (17.01) | Needs Triage |
Severity score breakdown
Attack Complexity
LOW
Attack Vector
LOCAL
Availability Impact
LOW
Base Score
5.3
Base Severity
MEDIUM
Confidentiality Impact
LOW
Integrity Impact
LOW
Privileges Required
LOW
Scope
UNCHANGED
User Interaction
NONE
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version
3.1