First published: Thu Jun 10 2021
Use-after-free in the lzma_decompress_buf function in stream.c in lrzip 0.631 allows attackers to cause a denial of service (DoS) via a crafted compressed file.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Long Range Zip Project Long Range Zip | =0.631 | |
Debian Debian Linux | =9.0 | |
CVE-2021-27347 is a use-after-free vulnerability in the lzma_decompress_buf function in stream.c of the lrzip software that allows attackers to cause a denial of service (DoS).
CVE-2021-27347 affects version 0.631 of the Long Range Zip Project's Long Range Zip software, potentially allowing attackers to cause a DoS using a crafted compressed file.
CVE-2021-27347 affects Debian Linux version 9.0.
The severity of CVE-2021-27347 is rated as medium with a CVSS score of 5.5.
To fix CVE-2021-27347, update to a patched version of lrzip released by the Long Range Zip Project, or update Debian Linux to a version that includes the fix.