Skip to main content

Xz

4 CVEs product

Monthly

CVE-2026-34743 LOW PATCH Monitor

Buffer overflow in XZ Utils lzma_index_decoder() allows memory corruption when processing Index records with no data entries prior to version 5.8.3. Unauthenticated remote attackers can trigger a heap overflow via crafted compressed data, potentially causing denial of service or memory corruption. The vulnerability has a low CVSS score (1.7) due to attack time requirement and limited impact scope, with no confirmed active exploitation at time of analysis.

Buffer Overflow Heap Overflow Xz
NVD GitHub VulDB
CVSS 4.0
1.7
EPSS
0.0%
CVE-2022-1271 HIGH PATCH This Week

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Gzip Jboss Data Grid Debian Linux Xz
NVD
CVSS 3.1
8.8
EPSS
4.3%
CVE-2021-29482 Go HIGH PATCH This Week

xz is a compression and decompression library focusing on the xz format completely written in Go. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Xz
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2015-4035 HIGH This Week

scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Xz
NVD
CVSS 3.0
7.8
EPSS
0.6%
EPSS 0% CVSS 1.7
LOW PATCH Monitor

Buffer overflow in XZ Utils lzma_index_decoder() allows memory corruption when processing Index records with no data entries prior to version 5.8.3. Unauthenticated remote attackers can trigger a heap overflow via crafted compressed data, potentially causing denial of service or memory corruption. The vulnerability has a low CVSS score (1.7) due to attack time requirement and limited impact scope, with no confirmed active exploitation at time of analysis.

Buffer Overflow Heap Overflow Xz
NVD GitHub VulDB
EPSS 4% CVSS 8.8
HIGH PATCH This Week

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Gzip Jboss Data Grid +2
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

xz is a compression and decompression library focusing on the xz format completely written in Go. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Xz
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Xz
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy