PT-2021-18244 · Xz · Xz

0Xdecaf

·

Published

2021-04-14

·

Updated

2021-05-25

·

CVE-2021-29482

CVSS v3.1

7.5

High

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: xz, the pure-Go xz compression library (module github.com/ulikunitz/xz), all versions prior to 0.5.8. This is not the C XZ Utils package.
Description: The function readUvarint, which decodes the variable-length integers of the xz container format, does not bound its read loop and may fail to terminate when fed malicious input. An attacker who controls the compressed data can craft a byte sequence that makes Reader.Read spin indefinitely, consuming CPU for as long as the input keeps it fed. The result is a denial of service, and the exposure is greatest wherever the library decompresses user-supplied input (uploads, archives fetched from the network, untrusted build artifacts).
Recommendations: Update to version 0.5.8 or later, where the loop is bounded. Until the upgrade is deployed, cap the size of compressed input accepted from untrusted sources at a value reasonable for your use case, for example by wrapping the source in io.LimitReader before handing it to xz.NewReader, so an attacker cannot keep the decoder supplied with bytes indefinitely. To check which version a build uses, run go list -m github.com/ulikunitz/xz; govulncheck reports this issue under GO-2020-0016.
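The following Go program is an added illustration written for this page, not code from the ulikunitz/xz repository. It contrasts a varint reader whose loop ends only when the underlying reader returns an error with a hardened reader that caps the byte count at the 10 bytes a uint64 can ever need, which is the kind of bound that stops an attacker-controlled stream from keeping the decoder busy forever. The names readUvarintUnbounded, readUvarintBounded and endlessContinuation are the example's own, and the stream of 0x80 bytes is a constructed input modelling an attacker who never clears the continuation bit.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
)

// maxUvarintLen is the most bytes a base-128 varint needs to carry a uint64
// (64 bits at 7 bits per byte, rounded up).
const maxUvarintLen = 10

var errOverflow = errors.New("uvarint overflows uint64")

// readUvarintUnbounded has the shape of a naive varint loop: it keeps reading
// while the continuation bit (0x80) is set. Nothing inside the loop limits the
// iteration count, so termination depends entirely on the reader eventually
// failing. Example code, not the library's implementation.
func readUvarintUnbounded(r io.ByteReader) (x uint64, n int, err error) {
	var s uint
	for {
		b, err := r.ReadByte()
		if err != nil {
			return x, n, err
		}
		n++
		if b < 0x80 {
			return x | uint64(b)<<s, n, nil
		}
		x |= uint64(b&0x7f) << s // shifts of 64 or more silently yield 0
		s += 7
	}
}

// readUvarintBounded is the hardened form: once more than maxUvarintLen bytes
// have been consumed the value cannot fit a uint64, so it is rejected and the
// loop runs at most maxUvarintLen times whatever the reader supplies.
func readUvarintBounded(r io.ByteReader) (x uint64, n int, err error) {
	var s uint
	for {
		b, err := r.ReadByte()
		if err != nil {
			return x, n, err
		}
		n++
		if n > maxUvarintLen {
			return x, n, errOverflow
		}
		if b < 0x80 {
			// The tenth byte may contribute only the top bit of the uint64.
			if n == maxUvarintLen && b > 1 {
				return x, n, errOverflow
			}
			return x | uint64(b)<<s, n, nil
		}
		x |= uint64(b&0x7f) << s
		s += 7
	}
}

// endlessContinuation is a constructed io.ByteReader modelling an attacker-
// controlled stream that never clears the continuation bit and never errors.
// readUvarintUnbounded would spin on it forever, so it is only ever handed to
// the bounded reader here.
type endlessContinuation struct{ served int }

func (e *endlessContinuation) ReadByte() (byte, error) {
	e.served++
	return 0x80, nil
}

// readBounded decodes a varint from raw bytes with the hardened reader.
func readBounded(in []byte) (uint64, int, error) {
	return readUvarintBounded(bytes.NewReader(in))
}

// bytesConsumedBeforeReject reports how many bytes the hardened reader pulls
// from the endless stream before it gives up.
func bytesConsumedBeforeReject() (int, error) {
	src := &endlessContinuation{}
	_, _, err := readUvarintBounded(src)
	return src.served, err
}

// unboundedConsumes shows that the only thing stopping the naive loop is the
// reader running dry: it eats every byte of a finite continuation stream.
func unboundedConsumes(count int) (int, error) {
	_, n, err := readUvarintUnbounded(bytes.NewReader(bytes.Repeat([]byte{0x80}, count)))
	return n, err
}

func main() {
	// 300 = 0x12C: low 7 bits 0x2c with continuation, then 0x02.
	x, n, err := readBounded([]byte{0xac, 0x02})
	fmt.Println("bounded:", x, n, err)
	served, err := bytesConsumedBeforeReject()
	fmt.Println("bounded on endless stream: consumed", served, "err:", err)
	n, err = unboundedConsumes(40)
	fmt.Println("unbounded on finite stream: consumed", n, "err:", err)
}
```

On the constructed endless stream the bounded reader stops after 11 bytes with an overflow error, while the naive reader would never return. Two independent caps protect a service in practice: a byte-count limit inside the decoder loop, as above, and a size limit such as io.LimitReader around any untrusted input handed to the decompressor.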

Fix

Weakness Enumeration

Infinite Loop

Related Identifiers

CVE-2021-29482
GHSA-25XM-HR59-7C27
GO-2020-0016
RHSA-2022:1276

Affected Products

Xz