CVE-2025-15571: NULL Pointer Dereference in ckolivas lrzip
A security vulnerability has been detected in ckolivas lrzip up to and including version 0.651. It affects the function ucompthread in the file stream.c; manipulation of the input processed by that function leads to a NULL pointer dereference. The attack can only be performed from a local environment. An exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
AI Analysis
Technical Summary
CVE-2025-15571 is a vulnerability in the lrzip compression tool maintained by ckolivas, affecting versions up to and including 0.651. The flaw lies in the ucompthread function in stream.c, where a code path uses a pointer without first checking that it is valid; on malformed input the pointer is NULL, the dereference raises a segmentation fault, and the whole lrzip process terminates, including any partially written output. The result is a denial of service (DoS) against lrzip and whatever job invoked it. The attack vector is rated local: no network exposure is needed, but the attacker must be able to get lrzip on the target to process the triggering input, which for a file-processing tool typically means a crafted input file that a user or an automated job later runs through the tool. No authentication bypass or privilege escalation is involved. Confidentiality and integrity are not affected; the impact is limited to availability. The issue was reported to the project early through an issue report, but no patch or official response had been issued as of publication. Public exploit code has been disclosed; there are no reports of exploitation in the wild. The CVSS v4.0 base score is 4.8 (medium), reflecting the local attack vector and the availability-only impact. lrzip is used on Linux and other Unix-like systems to compress large files, typically in backup and archival workflows, so a crash in its decompression path fails those jobs rather than merely inconveniencing an interactive user.
Potential Impact
For European organizations, the primary impact of CVE-2025-15571 is disruption of workflows that rely on lrzip for compression and decompression. Backup, archival and transfer jobs that invoke lrzip fail when the crash is triggered, leading to operational delays, incomplete archives or missed backup windows. The vulnerability does not allow data theft or system takeover, and a crash of a user-space process does not destabilise the host itself, but repeated failures can break data-processing pipelines that depend on the tool. Multi-user systems on which many users or contractors have local access, and shared hosts that decompress archives supplied by others, are at higher risk. The absence of a patch prolongs exposure, and the public exploit makes opportunistic abuse more likely. The local attack vector limits the threat to insiders, compromised accounts and anyone who can get a crafted file processed by lrzip. Sectors with heavy use of Linux-based infrastructure, such as research institutions, media companies and cloud service providers, are the most likely to be affected. Organizations that do not use lrzip, or that tightly restrict local privileges, face little exposure.
Mitigation Recommendations
1. Restrict local access to systems running lrzip to trusted users, and do not decompress archives from untrusted sources with an unpatched build.
2. Monitor kernel and application logs for lrzip segmentation faults and core dumps; a cluster of crashes with a fault address at or near zero is the footprint of this bug being triggered rather than an ordinary failure.
3. Run lrzip under a dedicated low-privilege account, inside a container or sandbox, and with resource limits, so that a crash cannot affect anything beyond the job that invoked it.
4. Where feasible, use an alternative compression tool until a fixed release is available.
5. Watch the lrzip project for a fix and apply it when released; until then, record the vulnerable version in the software inventory so affected hosts can be found quickly.
6. Educate administrators and users that a malformed archive, not only an untrusted executable, can crash the tool, and enforce policies for handling files received from untrusted sources.
7. Use host-based intrusion detection (HIDS) to alert on anomalous local activity around lrzip, such as unexpected invocations or repeated crashes originating from one account.
8. On critical systems, disable or remove lrzip if it is not essential, or restrict its use to controlled environments.
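One way to implement the log-monitoring recommendation above, as an added example that is not part of this advisory or of the lrzip project: the script parses the segfault line the Linux x86 kernel writes when a user-space process faults (visible in dmesg or journalctl -k), keeps the entries attributable to the lrzip binary, and raises an alert when it sees repeated faults at a near-zero address, which is what a NULL pointer dereference looks like in that log. The log lines in SAMPLE_LOG are constructed for the example; the 4 KiB null-page threshold, the alert threshold and the function names are assumptions.

```python
"""Detect lrzip crashes that look like NULL pointer dereferences in Linux
kernel log lines (dmesg / journalctl -k).

Added example for this advisory, not code from the lrzip project or from
the advisory's source. The log lines in SAMPLE_LOG are constructed.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Format written by the x86 kernel fault handler for a user-space SIGSEGV:
#   <comm>[<pid>]: segfault at <addr> ip <ip> sp <sp> error <code> in <obj>[<base>+<size>]
# Newer kernels append "likely on CPU N ..."; re.search() tolerates any prefix/suffix.
SEGFAULT_RE = re.compile(
    r"(?P<comm>[\w.\-]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<code>\d+)"
)

# A fault inside the first page is the classic footprint of dereferencing NULL
# (or NULL plus a small struct offset). Assumes the usual 4 KiB page size.
NULL_PAGE_LIMIT = 0x1000

# x86 page-fault error code bits: bit 1 = write access, bit 2 = user mode.
PF_WRITE = 0x2
PF_USER = 0x4


@dataclass
class CrashEvent:
    comm: str         # short name of the faulting process (kernel "comm")
    pid: int
    fault_addr: int   # address that could not be accessed
    ip: int           # instruction pointer at the fault
    is_write: bool    # True if the faulting access was a write
    null_deref: bool  # True if fault_addr lies in the null page


def parse_segfault(line: str) -> Optional[CrashEvent]:
    """Parse one log line; return None if it is not a kernel segfault report."""
    m = SEGFAULT_RE.search(line)
    if m is None:
        return None
    addr = int(m.group("addr"), 16)
    code = int(m.group("code"))
    return CrashEvent(
        comm=m.group("comm"),
        pid=int(m.group("pid")),
        fault_addr=addr,
        ip=int(m.group("ip"), 16),
        is_write=bool(code & PF_WRITE),
        null_deref=addr < NULL_PAGE_LIMIT,
    )


def crashes_for(lines: Iterable[str], comm: str = "lrzip") -> List[CrashEvent]:
    """Return the segfault events attributable to the given process name."""
    events = []
    for line in lines:
        ev = parse_segfault(line)
        if ev is not None and ev.comm == comm:
            events.append(ev)
    return events


def should_alert(events: List[CrashEvent], threshold: int = 3) -> bool:
    """Alert on repeated null-page faults. One wild-address fault is more
    likely an ordinary bug; several faults at address ~0 from the same binary
    match someone feeding it inputs that trigger a NULL dereference.
    The threshold is an assumption to tune per host."""
    return sum(1 for e in events if e.null_deref) >= threshold


# Constructed sample: three lrzip null-page faults, one unrelated browser
# crash at a high address, and one non-kernel line that must be ignored.
SAMPLE_LOG = [
    "Feb 10 14:46:16 host kernel: lrzip[4242]: segfault at 0 ip 000055d1a0c12345 "
    "sp 00007ffd3c1e5a40 error 4 in lrzip[55d1a0c00000+2c000]",
    "Feb 10 14:46:20 host kernel: lrzip[4251]: segfault at 18 ip 000055d1a0c12345 "
    "sp 00007ffd3c1e5a40 error 4 in lrzip[55d1a0c00000+2c000] likely on CPU 2 (core 2, socket 0)",
    "Feb 10 14:47:02 host kernel: firefox[1001]: segfault at 7f3a1c0a8000 ip 00007f3a0a1b2c3d "
    "sp 00007ffc9a2b3c40 error 6 in libxul.so[7f3a09c00000+6000000]",
    "Feb 10 14:47:30 host kernel: lrzip[4260]: segfault at 0 ip 000055d1a0c12345 "
    "sp 00007ffd3c1e5a40 error 4 in lrzip[55d1a0c00000+2c000]",
    "Feb 10 14:48:00 host sshd[900]: Accepted publickey for alice from 10.0.0.5 port 51000 ssh2",
]


if __name__ == "__main__":
    events = crashes_for(SAMPLE_LOG)
    for e in events:
        kind = "null-page" if e.null_deref else "other"
        print(f"pid {e.pid}: {kind} fault at {e.fault_addr:#x}, ip {e.ip:#x}")
    print("ALERT" if should_alert(events) else "no alert")
```

In production the same functions would be fed from `journalctl -k -f` or a log shipper instead of SAMPLE_LOG; the identical instruction pointer across the three lrzip events is the kind of detail worth including in the alert, since one faulting instruction hit repeatedly from different invocations points at a single code path such as the one in ucompthread.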
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-02-08T08:19:28.871Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 698b44b84b57a58fa114e1ec
Added to database: 2/10/2026, 2:46:16 PM
Last enriched: 2/10/2026, 3:01:09 PM
Last updated: 2/21/2026, 12:16:03 AM