CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

22 matches found

Tenable Nessus•added 2026/01/22 12:0 a.m.•2 views

Azure Linux 3.0 Security Update: xz (CVE-2025-31115)

The version of xz installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-31115 advisory. - XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to...

8.7CVSS5.5AI score0.00041EPSS

Exploits0References2

OSV•added 2025/11/14 2:45 p.m.•8 views

HSEC-2025-0003 Use after free in multithreaded lzma (.xz) decoder

Use after free in multithreaded lzma .xz decoder In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash CVE-2025-31115. The effects include heap use after free and writing to an address based on the null pointer plus ...

8.7CVSS7.5AI score0.00041EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-14786

Malicious code in bioql PyPI...

8.7CVSS7.7AI score0.00041EPSS

Exploits0References3

AstraLinux•added 2025/06/16 11:28 a.m.•7 views

Astra Linux - уязвимость в xz-utils

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on t...

8.7CVSS7AI score0.00041EPSS

Exploits0References3

RedHat Linux•added 2025/05/13 7:14 p.m.•4 views

xz: XZ has a heap-use-after-free bug in threaded .xz decoder

A flaw was found in the XZ Utils library. In affected versions, the multithreaded .xz decoder in liblzma has a bug where invalid input can trigger a heap use-after-free condition, allowing writes to an address based on the null pointer plus an offset. This issue may result in a crash or other...

8.7CVSS5.8AI score0.00041EPSS

Exploits0References7

OSV•added 2025/04/18 1:49 p.m.•1 views

OESA-2025-1431 xz security update

XZ Utils is free general-purpose data compression software with a high compression ratio. XZ Utils were written for POSIX-like systems, but also work on some not-so-POSIX systems. XZ Utils are the successor to LZMA Utils. Security Fixes: XZ Utils provide a general-purpose data-compression library...

8.7CVSS6.9AI score0.00041EPSS

Exploits0References2

OSV•added 2025/04/18 1:49 p.m.•1 views

OESA-2025-1430 xz security update

8.7CVSS6.9AI score0.00041EPSS

Exploits0References2

SUSE CVE•added 2025/04/04 2:57 a.m.•1 views

SUSE CVE-2025-31115

8.2CVSS7AI score0.00041EPSS

Exploits0References8

RedhatCVE•added 2025/04/03 7:7 p.m.•14 views

CVE-2025-31115

7.5CVSS7.1AI score0.00041EPSS

Exploits0References6

OSV•added 2025/04/03 5:15 p.m.•3 views

AZL-59497 CVE-2025-31115 affecting package xz for versions less than 5.4.4-2

8.7CVSS7AI score0.00041EPSS

Exploits0References1

NVD•added 2025/04/03 5:15 p.m.•6 views

CVE-2025-31115

8.7CVSS0.00041EPSS

Exploits0References7

OSV•added 2025/04/03 5:15 p.m.•1 views

ALPINE-CVE-2025-31115

8.7CVSS6.9AI score0.00041EPSS

Exploits0References1

OSV•added 2025/04/03 5:15 p.m.•1 views

DEBIAN-CVE-2025-31115

8.7CVSS7.5AI score0.00041EPSS

Exploits0References1

Vulnrichment•added 2025/04/03 4:57 p.m.•10 views

CVE-2025-31115 XZ has a heap-use-after-free bug in threaded .xz decoder

8.7CVSS7.2AI score0.00041EPSS

Exploits0References3

Debian CVE•added 2025/04/03 4:57 p.m.•77 views

CVE-2025-31115

8.7CVSS7.5AI score0.00041EPSS

Exploits0

CVE•added 2025/04/03 4:57 p.m.•1437 views

CVE-2025-31115

The CVE-2025-31115 affects XZ Utils’ liblzma multithreaded .xz decoder (lzma_stream_decoder_mt) in versions 5.3.3alpha through 5.8.0. The issue can cause a crash with heap-use-after-free and writes to memory based on a NULL pointer plus an offset, impacting applications/libraries that invoke the ...

8.7CVSS7.2AI score0.00041EPSS

Exploits0References7