Xz · Xz · CVE-2025-58058
**Name of the Vulnerable Software and Affected Versions**
xz versions prior to 0.5.14
**Description**
The xz package contains a flaw in which data prepended to an LZMA-encoded byte stream is not detected when the header is read. This can lead to excessive memory consumption, because a full decoding buffer is allocated. Per the specification, the LZMA header has no magic number or checksum that would allow the problem to be identified at that stage. The code does eventually detect the problem while reading the stream, but by then the memory has already been allocated. This issue affects software that uses `lzma.NewReader` or `lzma.ReaderConfig.NewReader`.
**Recommendations**
Update to xz version 0.5.14 or later to address this issue.
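A defensive pre-check an application can run on untrusted input before passing it to an LZMA decoder, given here as an added example (not code from the xz package or its fix): it parses the 13-byte classic .lzma header and rejects a dictionary size above an application limit, which is the field a shifted header corrupts. The names `checkHeader` and `maxDictSize`, the 64 MiB limit and the sample bytes are assumptions constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// headerLen: 1 properties byte, 4-byte LE dictionary size, 8-byte LE uncompressed size.
const headerLen = 13

// maxDictSize is a hypothetical application limit (64 MiB), not a value from the advisory.
const maxDictSize = 64 << 20

var (
	errShort = errors.New("lzma: header shorter than 13 bytes")
	errProps = errors.New("lzma: properties byte out of range")
	errDict  = errors.New("lzma: dictionary size exceeds application limit")
)

// checkHeader parses the header fields and rejects values that would make a
// decoder allocate more than limit bytes for its dictionary.
func checkHeader(b []byte, limit uint32) (dict uint32, err error) {
	if len(b) < headerLen {
		return 0, errShort
	}
	if b[0] >= 9*5*5 { // props = (pb*5+lp)*9+lc, so valid values are 0..224
		return 0, errProps
	}
	dict = binary.LittleEndian.Uint32(b[1:5])
	if dict > limit {
		return dict, errDict
	}
	return dict, nil
}

// Constructed sample: props 0x5D, 8 MiB dictionary, unknown uncompressed size.
var goodHeader = []byte{0x5D, 0x00, 0x00, 0x80, 0x00,
	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}

// shifted puts one constructed byte in front, so every field is read one offset late.
func shifted() []byte { return append([]byte{0x00}, goodHeader...) }

func main() {
	for _, h := range [][]byte{goodHeader, shifted()} {
		d, err := checkHeader(h, maxDictSize)
		fmt.Printf("dict=%d bytes err=%v\n", d, err)
	}
}
```

With the constructed sample, the intact header reports an 8 MiB dictionary, while the shifted one still has a valid properties byte but reports a dictionary of roughly 2 GiB and is rejected before any buffer is sized from it.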