PT-2026-29689 · Xz Utils+3
Christos-Spearbit · Published 2026-03-31 · Updated 2026-06-02 · CVE-2026-34743
CVSS v3.1: 5.3 Medium
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
XZ Utils versions prior to 5.8.3
Description
XZ Utils, a data-compression library and set of command-line tools, had a flaw in the lzma_index_decoder() function: when it processed an Index without Records, it could leave the lzma_index in a state that led to insufficient memory allocation during a subsequent lzma_index_append() call. This resulted in a buffer overflow. The issue was addressed in version 5.8.3.
Recommendations
Update to version 5.8.3 or later.
Fix
DoS
Heap Based Buffer Overflow
Affected Products
Linuxmint
Red Os
Ubuntu
Xz Utils