{"id":"USN-5840-1","summary":"lrzip vulnerabilities","details":"It was discovered that Long Range ZIP incorrectly handled pointers. If \na user or an automated system were tricked into opening a certain \nspecially crafted ZIP file, an attacker could possibly use this issue\nto cause a denial of service. This issue only affected Ubuntu 14.04 ESM,\nUbuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-25467)\n\nIt was discovered that Long Range ZIP incorrectly handled pointers. If \na user or an automated system were tricked into opening a certain \nspecially crafted ZIP file, an attacker could possibly use this issue \nto cause a denial of service. This issue only affected Ubuntu 18.04 LTS\nand Ubuntu 20.04 LTS. (CVE-2021-27345, CVE-2021-27347)\n\nIt was discovered that Long Range ZIP incorrectly handled pointers. If \na user or an automated system were tricked into opening a certain \nspecially crafted ZIP file, an attacker could possibly use this issue\nto cause a denial of service. This issue only affected Ubuntu 16.04 ESM,\nUbuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2022-26291)\n\nIt was discovered that Long Range ZIP incorrectly handled memory allocation, \nwhich could lead to a heap memory corruption. An attacker could possibly use\nthis issue to cause denial of service. This issue affected Ubuntu 14.04 ESM,\nUbuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and \nUbuntu 22.10. (CVE-2022-28044)\n","modified":"2026-02-10T04:42:56Z","published":"2023-02-02T13:36:09Z","related":["UBUNTU-CVE-2018-5786","UBUNTU-CVE-2020-25467","UBUNTU-CVE-2021-27345","UBUNTU-CVE-2021-27347","UBUNTU-CVE-2022-26291","UBUNTU-CVE-2022-28044"],"upstream":["CVE-2018-5786","CVE-2020-25467","CVE-2021-27345","CVE-2021-27347","CVE-2022-26291","CVE-2022-28044","UBUNTU-CVE-2018-5786","UBUNTU-CVE-2020-25467","UBUNTU-CVE-2021-27345","UBUNTU-CVE-2021-27347","UBUNTU-CVE-2022-26291","UBUNTU-CVE-2022-28044"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5840-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-5786"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-25467"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-27345"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-27347"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-26291"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-28044"}],"affected":[{"package":{"name":"lrzip","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/lrzip@0.616-1ubuntu0.1~esm2?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.616-1ubuntu0.1~esm2"}]}],"versions":["0.608-2","0.616-1","0.616-1ubuntu0.1~esm","0.616-1ubuntu0.1~esm1"],"ecosystem_specific":{"binaries":[{"binary_version":"0.616-1ubuntu0.1~esm2","binary_name":"lrzip"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5840-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2020-25467"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-28044"}],"ecosystem":"Ubuntu:Pro:14.04:LTS"}}},{"package":{"name":"lrzip","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/lrzip@0.621-1ubuntu0.1~esm2?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.621-1ubuntu0.1~esm2"}]}],"versions":["0.621-1","0.621-1ubuntu0.1~esm1"],"ecosystem_specific":{"binaries":[{"binary_version":"0.621-1ubuntu0.1~esm2","binary_name":"lrzip"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5840-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2020-25467"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-26291"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-28044"}],"ecosystem":"Ubuntu:Pro:16.04:LTS"}}},{"package":{"name":"lrzip","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/lrzip@0.631-1+deb9u3build0.18.04.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.631-1+deb9u3build0.18.04.1"}]}],"versions":["0.631-1","0.631-1+deb9u1build0.18.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"0.631-1+deb9u3build0.18.04.1","binary_name":"lrzip"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5840-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2020-25467"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2021-27345"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-27347"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-26291"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-28044"}],"ecosystem":"Ubuntu:18.04:LTS"}}},{"package":{"name":"lrzip","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/lrzip@0.631+git180528-1+deb10u1build0.20.04.1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.631+git180528-1+deb10u1build0.20.04.1"}]}],"versions":["0.631+git180528-1","0.631+git180528-1build1"],"ecosystem_specific":{"binaries":[{"binary_version":"0.631+git180528-1+deb10u1build0.20.04.1","binary_name":"lrzip"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5840-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2020-25467"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2021-27345"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-27347"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-26291"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-28044"}],"ecosystem":"Ubuntu:20.04:LTS"}}},{"package":{"name":"lrzip","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/lrzip@0.651-2ubuntu0.22.04.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.651-2ubuntu0.22.04.1"}]}],"versions":["0.641-1","0.651-2"],"ecosystem_specific":{"binaries":[{"binary_version":"0.651-2ubuntu0.22.04.1","binary_name":"lrzip"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5840-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2022-28044"}],"ecosystem":"Ubuntu:22.04:LTS"}}}],"schema_version":"1.7.3"}