CVE-2026-34743

XZ Utils

Medium

CVSS Details

CVSS Score
5.3 MEDIUM
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Weakness
CWE-122 Heap-based Buffer Overflow

Description

XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.
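As an added example (not code from XZ Utils or from this advisory), the C routine below classifies a serialized .xz Index field so that triage tooling or a caller can recognise the zero-Record case described above before the decoded result is passed to lzma_index_append() on an unpatched liblzma. The function and constant names are hypothetical, the field layout is assumed from the .xz file format specification, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
enum index_kind { INDEX_MALFORMED = -1, INDEX_EMPTY = 0, INDEX_HAS_RECORDS = 1 };

/* Constructed sample: the 8-byte Index of an .xz stream that has no Blocks. */
const uint8_t SAMPLE_EMPTY_INDEX[8] = { 0, 0, 0, 0, 0x1C, 0xDF, 0x44, 0x21 };

/* Bitwise CRC32 (IEEE 802.3, reflected), the checksum the .xz format uses. */
static uint32_t crc32_ieee(const uint8_t *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    while (n--) {
        crc ^= *p++;
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Decode a .xz variable-length integer; returns bytes consumed, 0 on error. */
static size_t vli_decode(const uint8_t *p, size_t n, uint64_t *out)
{
    uint64_t v = 0;
    for (size_t i = 0; i < n && i < 9; i++) {
        v |= (uint64_t)(p[i] & 0x7F) << (7 * i);
        if (p[i] & 0x80)
            continue;               /* more bytes follow */
        if (p[i] == 0 && i > 0)
            return 0;               /* non-minimal encoding */
        *out = v;
        return i + 1;
    }
    return 0;                       /* truncated or longer than 9 bytes */
}

/* Classify an Index field: Indicator 0x00, Number of Records (VLI), Records,
 * zero padding to a 4-byte boundary, CRC32 (little-endian). */
enum index_kind classify_xz_index(const uint8_t *buf, size_t len)
{
    uint64_t count = 0;
    if (len < 8 || buf[0] != 0x00 || vli_decode(buf + 1, len - 1, &count) == 0)
        return INDEX_MALFORMED;
    if (count != 0)
        return INDEX_HAS_RECORDS;   /* Records themselves are not validated here */
    /* No Records: the only valid encoding is 00 00 00 00 followed by its CRC32. */
    if (len != 8 || buf[2] != 0 || buf[3] != 0)
        return INDEX_MALFORMED;
    uint32_t stored = buf[4] | buf[5] << 8 | buf[6] << 16 | (uint32_t)buf[7] << 24;
    return stored == crc32_ieee(buf, 4) ? INDEX_EMPTY : INDEX_MALFORMED;
}
```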

Timeline

Discovered
March 2026
Vendor Notified
March 2026
Patch Released
April 2, 2026 (v5.8.3)
Public Disclosure
April 2, 2026