Low severity3.3NVD Advisory· Published Aug 24, 2025· Updated Apr 29, 2026

CVE-2025-9396

Description

A security flaw has been discovered in ckolivas lrzip up to 0.651. This impacts the function __GI_____strtol_l_internal of the file strtol_l.c. Performing manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be exploited.

Affected products

Ckolivas/Lrzip
cpe:2.3:a:ckolivas:lrzip:*:*:*:*:*:*:*:*
Range: <=0.651

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

drive.google.com/file/d/1EFbiiM1d7Ozb0ucZt6zRO3ngU8ugUnCn/viewnvdExploit
github.com/ckolivas/lrzip/issues/264nvdExploitIssue TrackingVendor Advisory
vuldb.comnvdExploitThird Party AdvisoryVDB Entry
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdPermissions RequiredVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.214
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000