CVE-2017-8842

Name of the Vulnerable Software and Affected Versions lrzip version 0.631

Description The issue is related to a divide-by-zero error and application crash that can be triggered by remote attackers via a crafted archive. This is caused by the bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so.

Recommendations For version 0.631, consider updating to a newer version that addresses this issue, as the current version allows for a denial of service attack through a crafted archive. At the moment, there is no information about a newer version that contains a fix for this vulnerability.