PT-2026-29689 · Tukaani · Xz
Christos-Spearbit
·
Published
2026-04-02
·
Updated
2026-04-02
·
CVE-2026-34743
CVSS v4.0
1.7
Low
| AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U |
XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma index decoder() was used to decode an Index that contained no Records, the resulting lzma index was left in a state where where a subsequent lzma index append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.
Fix
Heap Based Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Xz