heap-based-buffer-overflow
CVE-2026-34743
XZ Utils
CVSS Details
CVSS Score
5.3 MEDIUM
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Weakness
CWE-122 Heap-based Buffer Overflow
Description
XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.
Disclosure Date
Public Disclosure
April 2, 2026