CVE-2017-8844

Name of the Vulnerable Software and Affected Versions lrzip version 0.631

Description The issue allows remote attackers to cause a denial of service, resulting in a heap-based buffer overflow and application crash, or possibly have other unspecified impacts via a crafted archive. This is due to a problem in the read 1g function in stream.c in liblrzip.so.

Recommendations For lrzip version 0.631, consider updating to a newer version that contains a fix for this issue, as the current version is affected by a heap-based buffer overflow that can lead to a denial of service or other unspecified impacts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.