xz

Description: Library and command line tools for XZ and LZMA compressed files
Version: 5.6.3-1 [core]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2851 | 5.6.0-1 | 5.6.1-2 | Critical | Fixed | |
| AVG-2665 | 5.2.5-2 | 5.2.5-3 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2024-3094 | AVG-2851 | Critical | Yes | Authentication bypass | Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. The tarballs included extra .m4 files, which contained... |
| CVE-2022-1271 | AVG-2665 | High | No | Arbitrary command execution | Malicious filenames with two or more newlines can make zgrep and xzgrep write to arbitrary files or (with a GNU sed extension) lead to arbitrary code... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 29 Mar 2024 | ASA-202403-1 | AVG-2851 | Critical | arbitrary code execution |
| 07 Apr 2022 | ASA-202204-8 | AVG-2665 | High | arbitrary command execution |