4 matches found

F5 Networks
added 2025/07/02 11:3 p.m. | 12 views

K000152366: XZ Utils vulnerability CVE-2025-31115

Security Advisory Description: XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and...

CVSS: 8.7 | AI score: 7.6 | EPSS: 0.00618 | Exploits: 0
Tenable Nessus
added 2025/04/05 12:0 a.m. | 12 views

GLSA-202504-01 : XZ Utils: Use after free

The remote host is affected by the vulnerability described in GLSA-202504-01 (XZ Utils: Use after free). A use-after-free has been discovered in XZ Utils. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo Lin...

CVSS: 8.7 | AI score: 6.6 | EPSS: 0.00618 | Exploits: 0 | References: 3
Tenable Nessus
added 2025/04/03 12:0 a.m. | 15 views

Ubuntu 24.04 LTS / 24.10 : XZ Utils vulnerability (USN-7414-1)

The remote Ubuntu 24.04 LTS / 24.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7414-1 advisory. Harri K. Koskinen discovered that XZ Utils incorrectly handled the threaded xz decoder. If a user or automated system were tricked into processing an xz...

CVSS: 8.7 | AI score: 7.2 | EPSS: 0.00618 | Exploits: 0 | References: 2
Positive Technologies
added 2024/03/29 12:0 a.m. | 5 views

PT-2024-2451

Name of the Vulnerable Software and Affected Versions: XZ Utils versions 5.6.0 through 5.6.1. Description: Malicious code was discovered in the upstream tarballs of XZ Utils. Through complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file in the...

CVSS: 10 | AI score: 8.5 | EPSS: 0.85974 | Exploits: 40