CVE-2017-9928 - In lrzip a stack buffer overflow was found in the function get_fileinfo in lrzip.c:979, which allows attackers to cause a denial of service via a crafted file. https://github.com/ckolivas/lrzip/issues/74 CVE-2017-9929 - In lrzip a stack buffer overflow was found in the function get_fileinfo in lrzip.c:1074, which allows attackers to cause a denial of service via a crafted file. https://github.com/ckolivas/lrzip/issues/75
Created lrzip tracking bugs for this issue: Affects: epel-all [bug 1469154] Affects: fedora-all [bug 1469155]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.