CVE-2023-39741 Information

Description

lrzip v0.651 was discovered to contain a heap overflow via the libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.

Reference

https://github.com/ckolivas/lrzip/issues/246 https://github.com/huanglei3/lrzip_poc/tree/main/lrzip_heap_overflow