CVE-2017-8845 lzo2

Metadata

medium
4.3
lzo2
CVE-2017-8845
2017-06-16 19:23
CVE-2017-8845 lrzip
CVE-2017-8845
2017-05-20 05:03
2017-05-10 05:03
2017-05-09 07:03

Description

The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
jessie lzo2 None
sid lzo2 None
stretch lzo2 None
wheezy lzo2 None