CVE-2019-10654

MEDIUM

Long Range Zip - Out-of-Bounds Read

Title source: rule
STIX 2.1

Description

The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as used in Long Range Zip (aka lrzip) 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive, a different vulnerability than CVE-2017-8845.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/ckolivas/lrzip/issues/108

Scores

CVSS v3 5.5
EPSS 0.0021
EPSS Percentile 43.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE
CWE-125
Status published
Products (1)
long_range_zip_project/long_range_zip 0.631
Published Mar 30, 2019
Tracked Since Feb 18, 2026