VDB

JLSEC-2026-462

JLSEC-2026-462 PUBLISHED CVSS 9.300000190734863 CRITICAL

XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.

Risk Scores

CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
JuliaXZ_jll0

Timeline

  • May 7, 2026 CVE Published
  • May 7, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›