CVE-2022-26291

Name of the Vulnerable Software and Affected Versions lrzip version 0.641

Description The issue is related to a multiple concurrency use-after-free between the functions zpaq decompress buf() and clear rulist(). This allows attackers to cause a Denial of Service (DoS) via a crafted Irz file. The vulnerability is associated with parallel memory usage after release.

Recommendations For lrzip version 0.641, consider disabling the zpaq decompress buf() and clear rulist() functions as a temporary workaround to minimize the risk of exploitation. Avoid using crafted Irz files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.