NetBSD-Bugs archive
lib/59505: CVE-2025-31115: Threaded .xz decoder frees memory too early
>Number: 59505
>Category: lib
>Synopsis: CVE-2025-31115: Threaded .xz decoder frees memory too early
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: lib-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Jul 03 05:05:00 +0000 2025
>Originator: Kimmo Suominen
>Release: NetBSD 10.99.14 (202505302330Z)
>Organization:
>Environment:
System: NetBSD revolutions.gw.fi 10.99.14 NetBSD 10.99.14 (GENERIC) #0: Fri May 30 19:42:28 UTC 2025 mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/amd64/compile/GENERIC amd64
Architecture: x86_64
Machine: amd64
>Description:
In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder
in liblzma has a bug where invalid input can at least result
in a crash (CVE-2025-31115). The effects include heap use
after free and writing to an address based on the null pointer
plus an offset. Applications and libraries that use the
lzma_stream_decoder_mt function are affected.
>How-To-Repeat:
https://tukaani.org/xz/threaded-decoder-early-free.html
>Fix:
Upgrade to 5.8.1 (or later).
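
A first-pass check against the version range given in the description, added here as an example and not part of the original report or of XZ Utils. The function names lzma_encode and lzma_affected are hypothetical; the numeric encoding follows liblzma's LZMA_VERSION macro.

```shell
#!/bin/sh
# Added example: classify a liblzma version string against the range
# stated in the PR (5.3.3alpha through 5.8.0, inclusive).

# Encode "MAJOR.MINOR.PATCH[alpha|beta]" the way liblzma's LZMA_VERSION
# does: major*10000000 + minor*10000 + patch*10 + stability
# (alpha=0, beta=1, stable=2). Returns 1 if the string is unparsable.
lzma_encode() {
    v=$1
    case $v in
        *alpha) stab=0; v=${v%alpha} ;;
        *beta)  stab=1; v=${v%beta} ;;
        *)      stab=2 ;;
    esac
    case $v in
        *[!0-9.]*|*.*.*.*|.*|*.|*..*|"") return 1 ;;
        *.*.*) ;;
        *) return 1 ;;
    esac
    major=${v%%.*}; rest=${v#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    echo $(( major * 10000000 + minor * 10000 + patch * 10 + stab ))
}

# Exit status 0: inside the affected range; 1: outside; 2: unparsable.
lzma_affected() {
    n=$(lzma_encode "$1") || return 2
    lo=$(lzma_encode 5.3.3alpha)   # 50030030
    hi=$(lzma_encode 5.8.0)        # 50080002
    [ "$n" -ge "$lo" ] && [ "$n" -le "$hi" ]
}

# With no arguments, check the liblzma version the local xz binary
# reports; otherwise check each version string given on the command line.
if [ "$#" -eq 0 ] && command -v xz >/dev/null 2>&1; then
    set -- "$(xz --version | sed -n 's/^liblzma //p')"
fi
for ver in "$@"; do
    if lzma_affected "$ver"; then
        echo "$ver: in affected range (5.3.3alpha..5.8.0)"
    else
        echo "$ver: outside affected range or unparsable"
    fi
done
```

The version string alone does not show whether a vendor has backported the fix, and programs that link their own copy of liblzma need to be checked separately from the xz binary.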