ckolivas lrzip stream.c ucompthread null pointer dereference_CVE-2025-15571

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2025-15571

Source VulDB

Published Feb 10, 2026 at 14:32

Affected Product

Vendor ckolivas

Product lrzip

Version 0.651

Affected Versions ckolivas lrzip 0.651

CWE Classification

CWE-476 CWE-404

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-02-10T14:32:08.345Z",
    "modified": "2026-02-10T14:32:08.345Z",
    "type": "cve",
    "title": "ckolivas lrzip stream.c ucompthread null pointer dereference",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.344931\nhttps://vuldb.com/?ctiid.344931\nhttps://vuldb.com/?submit.752603\nhttps://github.com/ckolivas/lrzip/issues/263\nhttps://github.com/user-attachments/files/21726331/PoC_NPD.zip\nhttps://github.com/ckolivas/lrzip/",
    "id": "CVE-2025-15571",
    "bulletinFamily": "",
    "cwe": [
        "CWE-476",
        "CWE-404"
    ],
    "cvelist": null,
    "sourceData": "ckolivas lrzip 0.651",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "lrzip",
    "version": "0.651",
    "vendor": "ckolivas",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}