A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
References
| Link | Resource |
|---|---|
| https://github.com/ckolivas/lrzip/ | Product |
| https://github.com/ckolivas/lrzip/issues/262 | Exploit Issue Tracking |
| https://github.com/user-attachments/files/21709004/PoC_UAF.zip | Exploit |
| https://vuldb.com/?ctiid.344926 | Permissions Required VDB Entry |
| https://vuldb.com/?id.344926 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.752595 | Third Party Advisory VDB Entry Exploit |
Configurations
History
27 Feb 2026, 18:13
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/ckolivas/lrzip/ - Product | |
| References | () https://github.com/ckolivas/lrzip/issues/262 - Exploit, Issue Tracking | |
| References | () https://github.com/user-attachments/files/21709004/PoC_UAF.zip - Exploit | |
| References | () https://vuldb.com/?ctiid.344926 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.344926 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.752595 - Third Party Advisory, VDB Entry, Exploit | |
| First Time |
Ckolivas lrzip
Ckolivas |
|
| CPE | cpe:2.3:a:ckolivas:lrzip:*:*:*:*:*:*:*:* |
10 Feb 2026, 14:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-02-10 14:16
Updated : 2026-02-27 18:13
NVD link : CVE-2025-15570
Mitre link : CVE-2025-15570
CVE.ORG link : CVE-2025-15570
JSON object : View
Products Affected
ckolivas
- lrzip