AVG-2860 log
| Package | xz |
| Status | Fixed |
| Severity | Medium |
| Type | denial of service |
| Affected | 5.8.0-1 |
| Fixed | 5.8.1-1 |
| Current | 5.8.1-1 [core] |
| Ticket | None |
| Created | Thu Apr 3 16:55:25 2025 |
| Advisory | Pending |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2025-31115 | Medium | No | Denial of service | In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include... |
| References |
|---|
https://tukaani.org/xz/threaded-decoder-early-free.html |