Tukaani Xz
By the Year
In 2024 there have been 1 vulnerability in Tukaani Xz with an average score of 10.0 out of ten. Last year Xz had 1 security vulnerability published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Xz in 2024 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2024 is greater by 4.50.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 1 | 10.00 |
| 2023 | 1 | 5.50 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Xz vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Tukaani Xz Security Vulnerabilities
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0
CVE-2024-3094
10 - Critical
- March 29, 2024
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
Embedded Malicious Code
An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file
CVE-2020-22916
5.5 - Medium
- August 22, 2023
An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Tukaani Xz or by Tukaani? Click the Watch button to subscribe.
