5 matches found
Siemens SIMATIC S7-1500 Premature Release of Resource During Expected Lifetime (CVE-2025-31115)
The threaded .xz decoder in liblzma has a vulnerability that can at least result in a crash denial of service. The effects include heap use after free and writing to an address based on the null pointer plus an offset. This plugin only works with Tenable.ot. Please visit...
FreeBSD : FreeBSD -- Use-after-free in multi-threaded xz decoder (7642ba72-5abf-11f0-87ba-002590c1f29c)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 7642ba72-5abf-11f0-87ba-002590c1f29c advisory. A worker thread could free its input buffer after decoding, while the main thread might still be writin...
FreeBSD-SA-25:06.xz
FreeBSD-SA-25:06.xz Security Advisory, The FreeBSD Project. Topic: Use-after-free in multi-threaded xz decoder. Category: contrib. Module: xz. Announced: 2025-07-02. Affects:...
Oracle Linux 10 : xz (ELSA-2025-7524)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7524 advisory. - Fix: heap-use-after-free bug in threaded .xz decoder CVE-2025-31115 Tenable has extracted the preceding description block directly from the Oracle Linux...
XZ has a heap-use-after-free bug in threaded .xz decoder
...