CVE-2025-15571
Null Pointer Dereference in lrzip ucompthread Function (Local
Publication date: 2026-02-10
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ckolivas | lrzip | to 0.651 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-15571 is a concurrency-related null pointer dereference vulnerability found in the lrzip compression tool, specifically in the function ucompthread within the file stream.c. The issue arises because one thread can set a pointer to NULL while another thread is accessing it, leading to a null pointer dereference (NPD). This causes the program to crash or terminate unexpectedly.
The vulnerability occurs due to improper synchronization and premature deallocation of shared thread-related data structures used during decompression. It can be reliably triggered by exploiting race conditions in the code.
The attack requires local access to the system and is considered easy to exploit, with a publicly available proof-of-concept exploit.
How can this vulnerability impact me? :
This vulnerability primarily impacts the availability of the lrzip software by causing it to crash or terminate unexpectedly during decompression operations.
An attacker with local access can exploit this flaw to trigger a denial of service (DoS) condition, disrupting normal use of the software.
Since the exploit requires local privileges, remote exploitation is not possible, but it still poses a risk in environments where local access can be obtained.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by reproducing the null pointer dereference condition in the lrzip tool. A proof-of-concept exploit is publicly available and can be used to trigger the crash.
To detect the issue, you can run the lrzip binary with the provided PoC file using the following command:
- ./lrzip -t -p2 ./PoC_NPD
Additionally, compiling lrzip with AddressSanitizer enabled can help detect the null pointer dereference during testing or debugging. Compilation flags include:
- gcc -fsanitize=address -fno-omit-frame-pointer -g -O0
- g++ -fsanitize=address -fno-omit-frame-pointer -g -O0
AddressSanitizer will report segmentation faults caused by the null pointer dereference in the ucompthread function.
What immediate steps should I take to mitigate this vulnerability?
Currently, no known countermeasures or patches have been provided by the lrzip project to fix this vulnerability.
Since the exploit requires local access and can cause a denial of service by crashing the application, immediate mitigation steps include:
- Restrict local access to systems running vulnerable versions of lrzip (up to 0.651).
- Avoid running untrusted or malicious lrzip decompression tasks locally.
- Consider using alternative compression tools that do not have this vulnerability.
Monitoring for crashes or abnormal terminations of lrzip processes can help detect exploitation attempts.