{"url":"http://public2.vulnerablecode.io/api/packages/261748?format=json","purl":"pkg:apk/alpine/lrzip@0.660-r0?arch=x86&distroversion=v3.23&reponame=community","type":"apk","namespace":"alpine","name":"lrzip","version":"0.660-r0","qualifiers":{"arch":"x86","distroversion":"v3.23","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209329?format=json","vulnerability_id":"VCID-mus5-u5s3-gff4","summary":"Lrzip v0.651 was discovered to contain multiple invalid arithmetic shifts via the functions get_magic in lrzip.c and Predictor::init in libzpaq/libzpaq.cpp. These vulnerabilities allow attackers to cause a Denial of Service via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-33067","reference_id":"","reference_type":"","scores":[{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25022","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-33067"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33067","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33067"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/261748?format=json","purl":"pkg:apk/alpine/lrzip@0.660-r0?arch=x86&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/lrzip@0.660-r0%3Farch=x86&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2022-33067"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mus5-u5s3-gff4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/139202?format=json","vulnerability_id":"VCID-u97n-kzfz-fkds","summary":"lrzip v0.651 was discovered to contain a heap overflow via the libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39741","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10673","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39741"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059293","reference_id":"1059293","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059293"},{"reference_url":"https://github.com/ckolivas/lrzip/issues/246","reference_id":"246","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T18:15:58Z/"}],"url":"https://github.com/ckolivas/lrzip/issues/246"},{"reference_url":"https://gist.github.com/huanglei3/ec9090096aa92445cf0a8baa8e929084","reference_id":"ec9090096aa92445cf0a8baa8e929084","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T18:15:58Z/"}],"url":"https://gist.github.com/huanglei3/ec9090096aa92445cf0a8baa8e929084"},{"reference_url":"https://github.com/huanglei3/lrzip_poc/tree/main/lrzip_heap_overflow","reference_id":"lrzip_heap_overflow","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T18:15:58Z/"}],"url":"https://github.com/huanglei3/lrzip_poc/tree/main/lrzip_heap_overflow"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/261748?format=json","purl":"pkg:apk/alpine/lrzip@0.660-r0?arch=x86&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/lrzip@0.660-r0%3Farch=x86&distroversion=v3.23&reponame=community"}],"aliases":["CVE-2023-39741"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u97n-kzfz-fkds"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/lrzip@0.660-r0%3Farch=x86&distroversion=v3.23&reponame=community"}