364 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: erofs: corrected incorrect kunmap when using LZMA on HIGHMEM platforms As shown in the call trace, the root cause is incorrect pages handled by kunmap: BUG: Kernel NULL pointer dereference, address: 00000000 CPU: 1 PID: 40 Comm:...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: erofs: Fixed a memory leak caused by LZMA global compressed deduplication. When testing microLZMA EROFS images with the new global compressed deduplication feature enabled -Ededupe, I discovered that some short-lived temporary...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: erofs: Wake up all waiters after zerofslzmahead is ready When the user mounts erofs a second time, the decompression thread may become hung. The issue occurs due to a sequence of steps like the following: 1 Task A calls...
Astra Linux – Vulnerability in busybox
An out-of-bounds heap read in Busybox’s unlzma applet leads to information leakage and denial of service when LZMA-compressed input is decompressed. This can be triggered by any applet/format that…...
python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules
A flaw was found in Python's decompression modules, including lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is...
EulerOS Virtualization 2.13.0 : xz (EulerOS-SA-2026-2422)
According to the versions of the xz packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzmaindexdecoder was us...
CVE-2026-46521
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check. This issue has been patched in versions 6.9.13-48 and...
CVE-2026-46521 ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check. This issue has been patched in versions 6.9.13-48 and...
EUVD-2026-36171
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check. This issue has been patched in versions 6.9.13-48 and...
CVE-2026-46521
CVE-2026-46521 affects ImageMagick: a heap buffer over-write in the MIFF encoder when using LZMA compression due to a missing check. Exploitation is local with low complexity and requires user interaction, potentially impacting availability. A patch is available: fixed in ImageMagick versions 6.9...
CVE-2026-46521 ImageMagick: Heap Buffer Over-Write in MIFF encoder when using LZMA compression
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check. This issue has been patched in versions 6.9.13-48 and...
EulerOS 2.0 SP13 : xz (EulerOS-SA-2026-2319)
According to the versions of the xz packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzmaindexdecoder was used to decode an...
EulerOS 2.0 SP13 : xz (EulerOS-SA-2026-2362)
According to the versions of the xz packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzmaindexdecoder was used to decode an...
Advisory ROSA-SA-2026-3313
Component: xz 5.2.9 OS: ROSA-CHROME Unaffected versions: = xz-5.2.9-2 Affected versions: xz-5.2.9-2 CVE-ID: CVE-2026-34743 BDU-ID: None CVE-Crit: Medium CVE-DESCRIPTION: The buffer overflow vulnerability in XZ Utils allows an attacker to cause memory corruption by using the lzmaindexdecoder...
Security update for xz
This update for xz fixes the following issue CVE-2026-34743: buffer overflow in lzmaindexappend bsc1261280. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your...
SUSE-SU-2026:2118-1 Security update for xz
This update for xz fixes the following issue - CVE-2026-34743: buffer overflow in lzmaindexappend bsc1261280...
openSUSE 16 Security Update : xz (openSUSE-SU-2026:20813-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20813-1 advisory. This update for xz fixes the following issue - CVE-2026-34743: buffer overflow in lzmaindexappend bsc1261280. Tenable has extracted the preceding...
Security update for xz (important)
openSUSE security update: security update for xz ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20813-1 Rating: important References: bsc1261280 Cross-References: CVE-2026-34743 CVSS scores: CVE-2026-34743 SUSE : 7.4...
SUSE SLES12 Security Update : xz (SUSE-SU-2026:2052-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:2052-1 advisory. This update for xz fixes the following issue - CVE-2026-34743: buffer overflow in lzmaindexappend bsc1261280. Tenable has extracted the preceding...
SUSE-SU-2026:21848-1 Security update for xz
This update for xz fixes the following issue - CVE-2026-34743: buffer overflow in lzmaindexappend bsc1261280...