Severity: Unknown
Affected Package: xz-utils
Summary: xz-utils threaded decoder is vulnerable to denial of service (DoS)
The threaded .xz decoder in liblzma has a bug that can at least result in a crash (denial of service). The effects include heap use after free and writing to an address based on the null pointer plus an offset. This affects XZ Utils versions from 5.3.3alpha to 5.8.0. Applications and libraries that use the lzma_stream_decoder_mt function are affected.
Specific versions:
Update to the latest release.
Aliases: CVE-2025-31115
Published: April 03, 2025
Last Modified: April 03, 2025
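
A triage check for the affected range stated above (5.3.3alpha to 5.8.0), added here as an example and not part of the advisory. It assumes the usual two-line `xz --version` output with a `liblzma X.Y.Z[alpha|beta]` line and upstream version numbering, so a distribution package carrying a backported fix can still report an in-range version; the function names and sample outputs are constructed.

```python
import re

# liblzma orders pre-releases below the stable release: alpha < beta < stable.
STABILITY = {"alpha": 0, "beta": 1, "": 2}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(alpha|beta)?$")


def parse_version(text):
    """Turn '5.3.3alpha' into a sortable tuple such as (5, 3, 3, 0)."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised XZ Utils version: {text!r}")
    major, minor, patch, stage = m.groups()
    return (int(major), int(minor), int(patch), STABILITY[stage or ""])


# Range taken from the advisory text, both ends inclusive.
FIRST_AFFECTED = parse_version("5.3.3alpha")
LAST_AFFECTED = parse_version("5.8.0")


def in_affected_range(version):
    return FIRST_AFFECTED <= parse_version(version) <= LAST_AFFECTED


def liblzma_version(xz_version_output):
    """Extract the liblzma version from the text printed by `xz --version`."""
    for line in xz_version_output.splitlines():
        m = re.match(r"^liblzma\s+(\S+)$", line.strip())
        if m:
            return m.group(1)
    raise ValueError("no 'liblzma' line found in the supplied output")


def triage(xz_version_output):
    """Return (liblzma version, True if inside the advisory's range)."""
    version = liblzma_version(xz_version_output)
    return version, in_affected_range(version)


if __name__ == "__main__":
    # Constructed sample outputs, not captured from real hosts.
    for sample in ("xz (XZ Utils) 5.2.5\nliblzma 5.2.5",
                   "xz (XZ Utils) 5.6.1\nliblzma 5.6.1",
                   "xz (XZ Utils) 5.8.1\nliblzma 5.8.1"):
        version, affected = triage(sample)
        print(f"liblzma {version}: {'in' if affected else 'outside'} affected range")
```

An in-range result only matters for software that actually calls lzma_stream_decoder_mt, which is the condition the advisory gives.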