VYPR

Xz

by Tukaani

Source repositories

CVEs (3)

  • CVE-2015-4035HigJul 25, 2017
    risk 0.51cvss 7.8epss 0.01

    scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run xzgrep on a crafted file name.

  • CVE-2026-34743MedApr 2, 2026
    risk 0.27cvss 5.3epss 0.00

    XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append()…

  • CVE-2020-22916Aug 22, 2023
    risk 0.00cvss epss 0.00

    An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes,…