First published: Sat Mar 30 2019(Updated: )
The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as used in Long Range Zip (aka lrzip) 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive, a different vulnerability than CVE-2017-8845.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Long Range Zip Project Long Range Zip | =0.631 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2019-10654.
The severity of CVE-2019-10654 is medium with a severity value of 5.5.
The affected software is Long Range Zip (lrzip) version 0.631.
CVE-2019-10654 allows remote attackers to cause a denial of service by exploiting a vulnerability in the lzo1x_decompress function in liblzo2.so.2.
At the moment, there is no available fix for CVE-2019-10654. It is recommended to update to a newer version if one becomes available.