USN-7414-1 xz-utils vulnerability

Harri K. Koskinen discovered that XZ Utils incorrectly handled the threaded xz decoder. If a user or automated system were tricked into processing an xz file, a remote attacker could use this issue to cause XZ Utils to crash, resulting in a denial of service, or possibly execute arbitrary code...

AZL-59497 CVE-2025-31115 affecting package xz for versions less than 5.4.4-2

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

CVE-2025-31115

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

ALPINE-CVE-2025-31115

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

DEBIAN-CVE-2025-31115

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

CVE-2025-31115 XZ has a heap-use-after-free bug in threaded .xz decoder

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

CVE-2025-31115

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

CVE-2025-31115

The CVE-2025-31115 affects XZ Utils’ liblzma multithreaded .xz decoder (lzma_stream_decoder_mt) in versions 5.3.3alpha through 5.8.0. The issue can cause a crash with heap-use-after-free and writes to memory based on a NULL pointer plus an offset, impacting applications/libraries that invoke the ...

CVE-2025-31115 XZ has a heap-use-after-free bug in threaded .xz decoder

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

CVE-2025-31115

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

CVE-2025-31115 XZ has a heap-use-after-free bug in threaded .xz decoder

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

UBUNTU-CVE-2025-31115

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

XZ Utils 安全漏洞

XZ Utils is an open source utility program by Tukaani. A security vulnerability exists in XZ Utils versions 5.3.3alpha through 5.8.0, which stems from a flaw in the multithreaded .xz decoder that could lead to a crash and reuse after release...

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free when processing multiple threads in the workerdecoder function in streamdecodermt.c. An attacker can cause the input buffer to be freed while a worker-specific thread is still writing to it, triggering a crash. Note: The...

PT-2025-14778

Name of the Vulnerable Software and Affected Versions XZ Utils versions 5.3.3alpha through 5.8.0 Description The multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null...

Updated dcmtk packages fix security vulnerability

DCMTK dcmjpls JPEG-LS Decoder memory corruption. CVE-2025-2357...

MGASA-2025-0117 Updated dcmtk packages fix security vulnerability

DCMTK dcmjpls JPEG-LS Decoder memory corruption. CVE-2025-2357...

Security update for gstreamer-plugins-base

This update for gstreamer-plugins-base fixes the following issues: CVE-2024-47538: Fixed a stack-buffer overflow in vorbishandleidentificationpacket bsc1234415. CVE-2024-47835: Fixed NULL-pointer dereference in LRC subtitle parser bsc1234450. CVE-2024-47600: Fixed Out-of-bounds read in...

SUSE-SU-2025:20241-1 Security update for gstreamer-plugins-base

This update for gstreamer-plugins-base fixes the following issues: - CVE-2024-47538: Fixed a stack-buffer overflow in vorbishandleidentificationpacket bsc1234415. - CVE-2024-47835: Fixed NULL-pointer dereference in LRC subtitle parser bsc1234450. - CVE-2024-47600: Fixed Out-of-bounds read in...

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification through the ZipFileBodyDecoder. An attacker can trigger an out-of-memory condition, leading to server crashes or degraded performance by uploading a specially crafted ZIP fi...