4 matches found
K000152366: XZ Utils vulnerability CVE-2025-31115
Security Advisory Description: XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and...
GLSA-202504-01 : XZ Utils: Use after free
The remote host is affected by the vulnerability described in GLSA-202504-01 (XZ Utils: Use after free). A use-after-free has been discovered in XZ utils. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo Lin...
Ubuntu 24.04 LTS / 24.10 : XZ Utils vulnerability (USN-7414-1)
The remote Ubuntu 24.04 LTS / 24.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7414-1 advisory. Harri K. Koskinen discovered that XZ Utils incorrectly handled the threaded xz decoder. If a user or automated system were tricked into processing an xz...
PT-2024-2451
Name of the Vulnerable Software and Affected Versions: XZ Utils versions 5.6.0 through 5.6.1. Description: Malicious code was discovered in the upstream tarballs of XZ Utils. Through complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file in the...