CVE-2022-33067

Name of the Vulnerable Software and Affected Versions Lrzip version 0.651

Description The issue is related to multiple invalid arithmetic shifts in the functions get magic in lrzip.c and Predictor::init in libzpaq/libzpaq.cpp. This allows attackers to cause a Denial of Service via unspecified vectors.

Recommendations For Lrzip version 0.651, consider disabling the get magic function and the Predictor::init function in libzpaq/libzpaq.cpp as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.