Long Range Zip (lrzip) through version 0.631 is vulnerable to an infinite loop in the runzip.z:runzip_fd() functino. An attacker could exploit this to cause a denial of service via crafted lrz file. Upstream Issue: https://github.com/ckolivas/lrzip/issues/93
Created lrzip tracking bugs for this issue: Affects: fedora-26 [bug 1563066] Affects: epel-all [bug 1563065]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.