lrzip: stack buffer overflow in get_fileinfo
Description

lrzip is a compression utility that excels at compressing large files (usually > 10-50 MB). Larger files and/or more free RAM mean that the utility can compress your files more effectively (i.e. faster / smaller size), especially if the file size exceeds 100 MB. You can choose to optimise either for speed (fast compression / decompression) or for size, but not both.

A stack buffer overflow was found in the function get_fileinfo in lrzip.c, which allows attackers to cause a denial of service via a crafted file.

# lrzip -i $FILE
stack-buffer-overflow on address 0x7fff0e9e9038 at pc 0x7f8ece5fb795 bp 0x7fff0e9e8da0 sp 0x7fff0e9e8550
WRITE of size 10 at 0x7fff0e9e9038 thread T0
    #0 0x7f8ece5fb794 in __interceptor_read ../../../../libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:545
    #1 0x413f27 in get_fileinfo /home/haojun/Downloads/lrzip-master/lrzip.c:1074
    #2 0x409ee1 in main ...
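
An added triage example, not part of the original report or of lrzip: it parses the AddressSanitizer output quoted above and picks the first frame outside the sanitizer runtime as the place to start looking. The names parse_asan, blamed_frame and dedup_key are hypothetical, and the sample is the report from this page re-split one entry per line.

```python
import re

# Constructed sample: the report lines quoted on this page, one per line.
# The trace on the page is truncated after the main frame; nothing is added.
SAMPLE_REPORT = """\
stack-buffer-overflow on address 0x7fff0e9e9038 at pc 0x7f8ece5fb795 bp 0x7fff0e9e8da0 sp 0x7fff0e9e8550
WRITE of size 10 at 0x7fff0e9e9038 thread T0
#0 0x7f8ece5fb794 in __interceptor_read ../../../../libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:545
#1 0x413f27 in get_fileinfo /home/haojun/Downloads/lrzip-master/lrzip.c:1074
#2 0x409ee1 in main
"""

HEADER_RE = re.compile(r"(?P<bug>[a-z][a-z-]+) on address (?P<addr>0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"(?P<kind>READ|WRITE) of size (?P<size>\d+)")
FRAME_RE = re.compile(
    r"#(?P<idx>\d+) (?P<pc>0x[0-9a-f]+) in (?P<func>\S+)(?: (?P<loc>\S+))?")


def parse_asan(report):
    """Return bug class, access kind/size and the stack frames of a report."""
    header = HEADER_RE.search(report)
    access = ACCESS_RE.search(report)
    if not header or not access:
        raise ValueError("not an AddressSanitizer memory-error report")
    frames = []
    for m in FRAME_RE.finditer(report):
        path, _, line = (m["loc"] or "").rpartition(":")
        if not line.isdigit():          # frame without file:line info
            path, line = m["loc"] or "", ""
        frames.append({"idx": int(m["idx"]), "func": m["func"],
                       "file": path, "line": int(line) if line else None})
    return {"bug": header["bug"], "kind": access["kind"],
            "size": int(access["size"]), "frames": frames}


def blamed_frame(parsed):
    """First frame outside the sanitizer runtime: where triage should start."""
    for f in parsed["frames"]:
        if not f["func"].startswith("__interceptor_") and "libsanitizer" not in f["file"]:
            return f
    return None


def dedup_key(parsed):
    """Stable bucket key so repeated crashes of one bug group together."""
    f = blamed_frame(parsed)
    where = f"{f['func']}@{f['file'].rsplit('/', 1)[-1]}" if f else "unknown"
    return f"{parsed['bug']}:{parsed['kind']}:{where}"
```

The bucket key leaves out addresses and line numbers, so crashes from different crafted files that hit the same function group together across ASLR runs and minor source changes.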