VDB

CVE-2026-34743

CVE-2026-34743 PUBLISHED CVSS 1.7000000476837158 LOW

XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.

EPSS 0.06% · 19.0th percentile

Risk Scores

CVSS v4.0
1.7000000476837158
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
EPSS Score
0.06%
19.0th percentile

Affected Products

VendorProductVersions
tukaani-projectxz< 5.8.3

Timeline

  • Apr 2, 2026 CVE Published
  • Apr 3, 2026 CVE Updated
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
  • May 23, 2026 EPSS Score
  • May 24, 2026 EPSS Score
  • May 25, 2026 EPSS Score
  • May 26, 2026 EPSS Score
  • May 27, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›