Nixpkgs Security Tracker

Published

Permalink CVE-2025-15570

updated 1 day ago by @LeSuisse Activity log

Created automatic suggestion 1 day, 5 hours ago
@LeSuisse accepted 1 day ago
@LeSuisse published on GitHub 1 day ago

ckolivas lrzip stream.c lzma_decompress_buf use after free

A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Affected products

lrzip

==0.651

Matching in nixpkgs

pkgs.lrzip

CK LRZIP compression program (LZMA + RZIP)

nixos-unstable 0.651
- nixpkgs-unstable 0.651
- nixos-unstable-small 0.651
nixos-25.11 0.651
- nixos-25.11-small 0.651
- nixpkgs-25.11-darwin 0.651

Upstream issue: https://github.com/ckolivas/lrzip/issues/262

Untriaged

(browse all)

Permalink CVE-2025-15571

created 1 day, 5 hours ago

ckolivas lrzip stream.c ucompthread null pointer dereference

A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Affected products

lrzip

==0.651

Matching in nixpkgs

pkgs.lrzip

CK LRZIP compression program (LZMA + RZIP)

nixos-unstable 0.651
- nixpkgs-unstable 0.651
- nixos-unstable-small 0.651
nixos-25.11 0.651
- nixos-25.11-small 0.651
- nixpkgs-25.11-darwin 0.651

Suggestions search

Affected products

Matching in nixpkgs

pkgs.lrzip

Affected products

Matching in nixpkgs

pkgs.lrzip