0Xdecaf

Name of the Vulnerable Software and Affected Versions: xz versions prior to 0.5.8 Description: The issue arises from the function `readUvarint` used to read the xz container format, which may not terminate a loop when provided with malicious input, potentially leading to a denial of service. This could be exploited if an attacker constructs a series of bytes that cause an infinite loop when `Reader.Read` is called on them, especially when parsing user-supplied input. Recommendations: For versions prior to 0.5.8, update to version 0.5.8 to resolve the issue. As a temporary workaround, consider limiting the size of the compressed file input to a reasonable size for your use case to minimize the risk of exploitation.