← Back to home
wid-sec-w-2026-0942  ·  Published 2026-03-31  ·  View on BSI CERT-Bund ↗

xz: Vulnerability allows Code execution

CVSS 1.7 LOW

Risk Summary

XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.

CVEs (1)

Affected Vendors

Microsoft Open Source

Affected Products (3)

Microsoft · Azure Linux azl3
Open Source · xz <5.8.3
Open Source · xz 5.8.3

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more