CVE-2026-34743 in xz
Sumário (Inglês)
XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Responsável
GitHub_M
Reservar
30/03/2026
Divulgação
02/04/2026
Estado
Confirmado
Inscrições
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidade | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 355024 | tukaani-project xz Compression lzma_index_decoder Excesso de tampão | 122 | Não definido | Correção oficial | CVE-2026-34743 |
Descrição
CPE
CWE
CVSS
Explorações
História
Diferença
Relacionar
Inteligência de ameaças
API JSON
API XML
API CSV