CVE-2026-34743
EUVD-2026-1850502.04.2026, 19:21
XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| tukaani | xz | 𝑥 < 5.8.3 |
𝑥
= Vulnerable software versions
Debian Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| liblzma5 |
| ||||||||||||||||||||
| liblzma5-32bit |
| ||||||||||||||||||||
| xz |
| ||||||||||||||||||||
| xz-devel |
| ||||||||||||||||||||
| xz-lang |
| ||||||||||||||||||||
| xz-static-devel |
|
Azure Linux Releases