CVE-2025-9396 MEDIUM

CVE-2025-9396: ckolivas lrzip strtol_l.c __GI_____strtol_l_internal null pointer dereference

Vendor Ckolivas
Product lrzip
Weakness CWE-476
Published August 24, 2025
Last update August 25, 2025

CVSS base score

4.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01 Description

A security flaw has been discovered in ckolivas lrzip up to 0.651. It affects the function __GI_____strtol_l_internal in the file strtol_l.c. Manipulation results in a null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be exploited.

Key dates

02 Disclosure timeline

August 24, 2025 CVE published
August 25, 2025 Record updated