CVE-2026-34743
Published: April 2nd, 2026
XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.
Unknown
CVSS v2:
CVSS v2:
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 22.3 | lzma (17.01) | Needs Triage | ||
| 22.2 | lzma (17.01) | Needs Triage | ||
| 22.1 | lzma (17.01) | Needs Triage | ||
| 21.11.1 | lzma (17.01) | Needs Triage | ||
| 21.11 | lzma (17.01) | Needs Triage | ||
| 21.8.1 | lzma (17.01) | Needs Triage | ||
| 21.8 | lzma (17.01) | Needs Triage | ||
| 21.5.1 | lzma (17.01) | Needs Triage | ||
| 21.5.0 | lzma (17.01) | Needs Triage | ||
| 21.2.0 | lzma (17.01) | Needs Triage | ||
| 11.4.20 | lzma (17.01) | Needs Triage | ||
| 11.4.19.3667 | lzma (17.01) | Needs Triage | ||
| 11.4.18.3599 | lzma (17.01) | Needs Triage | ||
| 11.4.17 | lzma (17.01) | Needs Triage | ||
| 11.4.16.3445 | lzma (17.01) | Needs Triage | ||
| 11.4.15.3368 | lzma (17.01) | Needs Triage | ||
| 11.4.14.3263 | lzma (17.01) | Needs Triage | ||
| 11.4.13.3179 | lzma (17.01) | Needs Triage | ||
| 11.4.12.3054 | lzma (17.01) | Needs Triage | ||
| 11.4.11.3040 | lzma (17.01) | Needs Triage | ||
| 11.4.11.2990 | lzma (17.01) | Needs Triage | ||
| 11.4.10.2934 | lzma (17.01) | Needs Triage | ||
| 11.4.9.2878 | lzma (17.01) | Needs Triage | ||
| 11.4.8.2822 | lzma (17.01) | Needs Triage |