Harri K. Koskinen discovered that XZ Utils incorrectly handled the threaded xz decoder. If a user or automated system were tricked into processing an xz file, a remote attacker could use this issue to cause XZ Utils to crash, resulting in a denial of service, or possibly execute arbitrary code.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "liblzma-dev", "binary_version": "5.6.2-2ubuntu0.2" }, { "binary_name": "liblzma-doc", "binary_version": "5.6.2-2ubuntu0.2" }, { "binary_name": "liblzma5", "binary_version": "5.6.2-2ubuntu0.2" }, { "binary_name": "liblzma5-dbgsym", "binary_version": "5.6.2-2ubuntu0.2" }, { "binary_name": "xz-utils", "binary_version": "5.6.2-2ubuntu0.2" }, { "binary_name": "xz-utils-dbgsym", "binary_version": "5.6.2-2ubuntu0.2" }, { "binary_name": "xzdec", "binary_version": "5.6.2-2ubuntu0.2" }, { "binary_name": "xzdec-dbgsym", "binary_version": "5.6.2-2ubuntu0.2" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "liblzma-dev", "binary_version": "5.6.1+really5.4.5-1ubuntu0.2" }, { "binary_name": "liblzma-doc", "binary_version": "5.6.1+really5.4.5-1ubuntu0.2" }, { "binary_name": "liblzma5", "binary_version": "5.6.1+really5.4.5-1ubuntu0.2" }, { "binary_name": "liblzma5-dbgsym", "binary_version": "5.6.1+really5.4.5-1ubuntu0.2" }, { "binary_name": "xz-utils", "binary_version": "5.6.1+really5.4.5-1ubuntu0.2" }, { "binary_name": "xz-utils-dbgsym", "binary_version": "5.6.1+really5.4.5-1ubuntu0.2" }, { "binary_name": "xzdec", "binary_version": "5.6.1+really5.4.5-1ubuntu0.2" }, { "binary_name": "xzdec-dbgsym", "binary_version": "5.6.1+really5.4.5-1ubuntu0.2" } ] }