INFSA-2025:7524: xz security update
Information about definition
Identifier: INFSA-2025:7524
Type: security
Release date: 2025-07-15 19:30:12 UTC
Information about package
XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm (LZMA), which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.
Vulnerabilities description
- CVE-2025-31115
A flaw was found in the XZ Utils library. In affected versions, the multithreaded .xz decoder in liblzma has a bug where invalid input can trigger a heap use-after-free condition, allowing writes to an address based on the null pointer plus an offset. This issue may result in a crash or other undefined behavior. Applications and libraries that use the lzma_stream_decoder_mt function are affected.
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2025-31115 | no information | 7.5 | no information |
Updated packages