NetBSD-Bugs archive


lib/59505: CVE-2025-31115: Threaded .xz decoder frees memory too early



>Number:         59505
>Category:       lib
>Synopsis:       CVE-2025-31115: Threaded .xz decoder frees memory too early
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jul 03 05:05:00 +0000 2025
>Originator:     Kimmo Suominen
>Release:        NetBSD 10.99.14 (202505302330Z)
>Organization:
>Environment:
System: NetBSD revolutions.gw.fi 10.99.14 NetBSD 10.99.14 (GENERIC) #0: Fri May 30 19:42:28 UTC 2025 mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/amd64/compile/GENERIC amd64
Architecture: x86_64
Machine: amd64
>Description:

	In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder
	in liblzma has a bug where invalid input can at least result
	in a crash (CVE-2025-31115). The effects include heap use
	after free and writing to an address based on the null pointer
	plus an offset. Applications and libraries that use the
	lzma_stream_decoder_mt function are affected.

>How-To-Repeat:

	https://tukaani.org/xz/threaded-decoder-early-free.html

>Fix:

	Upgrade to 5.8.1 (or later).
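
Added example (not part of the original report and not XZ Utils code): a POSIX shell check that classifies a liblzma version string against the range given in the Description, 5.3.3alpha through 5.8.0, with 5.8.1 as the fixed release. The function names and the sample `xz --version` output are constructed for illustration.

```sh
#!/bin/sh
# Added example: is a liblzma version inside the range named in this PR?

# Turn "5.3.3alpha" or "5.8.0" into one sortable integer.
# Stability rank: alpha=0, beta=1, release=2, so 5.3.3alpha sorts before 5.3.3.
xz_version_key() {
    v=$1
    case $v in
        *alpha) stab=0; v=${v%alpha} ;;
        *beta)  stab=1; v=${v%beta} ;;
        *)      stab=2 ;;
    esac
    # Accept only MAJOR.MINOR.PATCH made of digits; reject everything else.
    case $v in
        *[!0-9.]*|*.*.*.*|.*|*.|*..*) return 2 ;;
        *.*.*) ;;
        *) return 2 ;;
    esac
    major=${v%%.*}; rest=${v#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    echo $(( major * 10000000 + minor * 10000 + patch * 10 + stab ))
}

# Exit status: 0 = in the affected range, 1 = outside it, 2 = unparseable.
xz_mt_decoder_affected() {
    key=$(xz_version_key "$1") || return 2
    lo=$(xz_version_key 5.3.3alpha)
    hi=$(xz_version_key 5.8.0)
    [ "$key" -ge "$lo" ] && [ "$key" -le "$hi" ]
}

# Pull the liblzma version out of `xz --version` output read from stdin.
liblzma_version_from_output() {
    sed -n 's/^liblzma \([0-9][^ ]*\)$/\1/p'
}

# Constructed sample of `xz --version` output (not captured from a real host).
sample='xz (XZ Utils) 5.8.0
liblzma 5.8.0'

ver=$(printf '%s\n' "$sample" | liblzma_version_from_output)
rc=0
xz_mt_decoder_affected "$ver" || rc=$?
case $rc in
    0) echo "liblzma $ver: in affected range, upgrade to 5.8.1 or later" ;;
    1) echo "liblzma $ver: outside affected range" ;;
    *) echo "liblzma version '$ver' not understood" ;;
esac
```

To check a live system, pipe the real output instead of the sample: `xz --version | liblzma_version_from_output`.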


