44 matches found
CVE-2026-34743
XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzmaindexdecoder was used to decode an Index that contained no Records, the resulting lzmaindex was left in a state where where a subsequent lzmaindexappend would allocate too little...
CVE-2026-34743
XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzmaindexdecoder was used to decode an Index that contained no Records, the resulting lzmaindex was left in a state where where a subsequent lzmaindexappend would allocate too little...
Exploit for Embedded Malicious Code in Tukaani Xz
xzdoor-poc !License: MIThttps://img.shields.io/badge/Lice...
Azure Linux 3.0 Security Update: xz (CVE-2025-31115)
The version of xz installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-31115 advisory. - XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to...
TencentOS Server 4: xz (TSSA-2025:0279)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0279 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Siemens SIMATIC S7-1500 Premature Release of Resource During Expected Lifetime (CVE-2025-31115)
The threaded .xz decoder in liblzma has a vulnerability that can at least result in a crash denial of service. The effects include heap use after free and writing to an address based on the null pointer plus an offset. This plugin only works with Tenable.ot. Please visit...
Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks
New research has uncovered Docker images on Docker Hub that contain the infamous XZ Utils backdoor, more than a year after the discovery of the incident. More troubling is the fact that other images have been built on top of these infected base images, effectively propagating the infection furthe...
Astra Linux - уязвимость в xz-utils
XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...
OESA-2025-1431 xz security update
XZ Utils is free general-purpose data compression software with a high compression ratio. XZ Utils were written for POSIX-like systems, but also work on some not-so-POSIX systems. XZ Utils are the successor to LZMA Utils. Security Fixes: XZ Utils provide a general-purpose data-compression library...
UBUNTU-CVE-2025-31115
XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...
PT-2025-14778
Name of the Vulnerable Software and Affected Versions XZ Utils versions 5.3.3alpha through 5.8.0 Description The multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null...
CVE-2024-47611
XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows MinGW-w64 or MSVC, the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerability. If a command line contains Unicode characters for exampl...
CVE-2024-47611
XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows MinGW-w64 or MSVC, the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerability. If a command line contains Unicode characters for exampl...
CVE-2024-47611
XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows MinGW-w64 or MSVC, the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerability. If a command line contains Unicode characters for exampl...
CVE-2024-47611 XZ Utils on Microsoft Windows platform are vulnerable to argument injection
XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows MinGW-w64 or MSVC, the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerability. If a command line contains Unicode characters for exampl...
CVE-2024-47611
CVE-2024-47611 affects XZ Utils on Windows platforms built with MinGW-w64 or MSVC for the command-line tools in versions 5.6.2 and earlier. The underlying issue is command-line argument handling where Unicode characters that do not exist in the legacy code page are converted to similar-looking ch...
Advisory ROSA-SA-2024-2409
Software: xz 5.2.2 OS: rosa-server79 packageevrstring: xz-5.2.2.2-2 CVE-ID: CVE-2024-3094 BDU-ID: 2024-02406 CVE-Crit: CRITICAL. CVE-DESC.: Malicious code was discovered in xz source archives starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts...
Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files
"Test files" associated with the XZ Utils backdoor have made their way to a Rust crate known as liblzma-sys, new findings from Phylum reveal. liblzma-sys, which has been downloaded over 21,000 times to date, provides Rust developers with bindings to the liblzma implementation, an underlying libra...
Exploit for Embedded Malicious Code in Tukaani Xz
Description Malicious code was discovered in the upstream tarb...
Injected Malicious Code
XZ is vulnerable to Injected Malicious Code. Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which...