VYPR

hackage package

xz-clib

pkg:hackage/xz-clib

Vulnerabilities (1)

  • CVE-2025-31115HigApr 3, 2025
    affected >= 5.6.3, < 5.8.1fixed 5.8.1

    XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an a