ckolivas lrzip stream.c lzma_decompress_buf use after free_CVE-2025-15570

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2025-15570

Source VulDB

Published Feb 10, 2026 at 13:02

Affected Product

Vendor ckolivas

Product lrzip

Version 0.651

Affected Versions ckolivas lrzip 0.651

CWE Classification

CWE-416 CWE-119

References

{
    "lastseen": "",
    "description": "A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-02-10T13:02:06.564Z",
    "modified": "2026-02-10T13:02:06.564Z",
    "type": "cve",
    "title": "ckolivas lrzip stream.c lzma_decompress_buf use after free",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.344926\nhttps://vuldb.com/?ctiid.344926\nhttps://vuldb.com/?submit.752595\nhttps://github.com/user-attachments/files/21709004/PoC_UAF.zip",
    "id": "CVE-2025-15570",
    "bulletinFamily": "",
    "cwe": [
        "CWE-416",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "ckolivas lrzip 0.651",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "lrzip",
    "version": "0.651",
    "vendor": "ckolivas",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}