CVE-2022-28044 – Ubuntu Security Notice USN-5840-1

https://notcve.org/view.php?id=CVE-2022-28044

15 Apr 2022 — Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control. Se ha detectado que Irzip versión v0.640, contenía una corrupción de memoria de la pila por medio del componente lrzip.c:initialise_control It was discovered that Long Range ZIP incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted ZIP file, an attacker could possibly use this issue to cause a denial of service. This issue only affected ... • https://github.com/ckolivas/lrzip/commit/5faf80cd53ecfd16b636d653483144cd12004f46 • CWE-787: Out-of-bounds Write •