
CVE-2025-9396: NULL Pointer Dereference in ckolivas lrzip

Severity: Medium
Published: Sun Aug 24 2025 (08/24/2025, 22:32:07 UTC)
Source: CVE Database V5
Vendor/Project: ckolivas
Product: lrzip

Description

A security flaw has been discovered in ckolivas lrzip up to 0.651. This impacts the function __GI_____strtol_l_internal of the file strtol_l.c. Performing manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be exploited.

AI-Powered Analysis

Last updated: 09/01/2025, 01:07:39 UTC

Technical Analysis

CVE-2025-9396 is a medium-severity vulnerability in the lrzip compression tool, developed by ckolivas, affecting version 0.651 and earlier. The flaw is a NULL pointer dereference in the function __GI_____strtol_l_internal in the source file strtol_l.c, which converts strings to long integers with locale support. Manipulated input causes a NULL pointer to be dereferenced, and the application crashes or behaves unpredictably. The attack requires local access with at least low privileges (PR:L); it needs neither user interaction nor elevated privileges. Confidentiality and integrity are not affected, and the availability impact is limited to a denial of service (application crash). Exploitation is limited to local users who can execute lrzip, and no remote exploitation is possible. Although an exploit has been publicly released, there are no known widespread attacks in the wild. The CVSS 4.0 base score is 4.8, reflecting the limited scope and impact. The vulnerability is exploitable with low complexity and no authentication beyond local access, but it does not allow privilege escalation or code execution.

Potential Impact

For European organizations, the primary impact of CVE-2025-9396 is potential denial of service on systems using lrzip for compression tasks. Since lrzip is a niche compression tool optimized for large files, its usage is more common in environments dealing with large data sets, such as research institutions, media companies, and data centers. A local attacker or malicious insider could exploit this flaw to crash lrzip processes, potentially disrupting automated backup or archival workflows. However, the impact on confidentiality and integrity is minimal, and the vulnerability does not facilitate remote compromise. Organizations relying heavily on lrzip for critical data processing might experience operational interruptions, but the overall risk to European enterprises is moderate given the local access requirement and limited scope.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should:

1) Immediately update lrzip to a patched version once available from the vendor or community repositories. Since no patch links are currently provided, monitoring official sources for updates is critical.
2) Restrict local access to systems running lrzip to trusted users only, employing strict access controls and user privilege management to prevent unauthorized local exploitation.
3) Implement application whitelisting and monitoring to detect abnormal crashes or repeated failures of lrzip processes, which could indicate exploitation attempts.
4) Consider replacing lrzip with alternative compression tools that do not exhibit this vulnerability, especially in high-security environments.
5) Incorporate this vulnerability into local vulnerability management and incident response plans to ensure timely detection and remediation.


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-08-24T14:30:10.614Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68ab968cad5a09ad00425276

Added to database: 8/24/2025, 10:47:40 PM

Last enriched: 9/1/2025, 1:07:39 AM

Last updated: 10/10/2025, 4:10:58 PM
