oss-sec mailing list archives
Re: XZ Utils: Threaded decoder frees memory too early (CVE-2025-31115)
From: Sam James <sam () gentoo org>
Date: Thu, 03 Apr 2025 16:18:28 +0100
Sam James <sam () gentoo org> writes:
> # Impact
>
> The threaded .xz decoder in liblzma has a bug that can at least result in a crash (denial of service). The effects include heap use after free and writing to an address based on the null pointer plus an offset. This affects XZ Utils versions from 5.3.3alpha to 5.8.0. Applications and libraries that use the lzma_stream_decoder_mt function are affected.
Our belief is that it's highly impractical to exploit on 64-bit systems where xz was built with PIE (=> ASLR), but that on 32-bit systems, especially without PIE, it may be doable.
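The version range quoted above can be checked against the liblzma that the dynamic loader actually resolves on a host. The following is an added example, not part of the original message or of XZ Utils; the function names are hypothetical, and it relies on liblzma's `lzma_version_number()` packing a version as MAJOR*10^7 + MINOR*10^4 + PATCH*10 + stability.

```python
import ctypes
import ctypes.util

# Affected range as stated in the advisory: 5.3.3alpha through 5.8.0.
# Stability digit: 0 = alpha, 1 = beta, 2 = stable.
FIRST_AFFECTED = 50030030  # 5.3.3alpha
LAST_AFFECTED = 50080002   # 5.8.0 (stable)
STABILITY = {0: "alpha", 1: "beta", 2: ""}


def decode_version(number):
    """Unpack a packed liblzma version into (major, minor, patch, stability)."""
    stability = number % 10
    patch = (number // 10) % 1000
    minor = (number // 10_000) % 1000
    major = number // 10_000_000
    return major, minor, patch, stability


def format_version(number):
    major, minor, patch, stability = decode_version(number)
    return f"{major}.{minor}.{patch}{STABILITY.get(stability, '?')}"


def in_affected_range(number):
    """True if the packed version lies in the range named in the advisory."""
    return FIRST_AFFECTED <= number <= LAST_AFFECTED


def loaded_liblzma_version():
    """Packed version of the liblzma the loader resolves, or None if absent."""
    name = ctypes.util.find_library("lzma")
    if name is None:
        return None
    try:
        lib = ctypes.CDLL(name)
    except OSError:
        return None
    lib.lzma_version_number.restype = ctypes.c_uint32
    return lib.lzma_version_number()


if __name__ == "__main__":
    number = loaded_liblzma_version()
    if number is None:
        print("liblzma not found by the dynamic loader")
    else:
        # Caveat: this is a version check only. A distribution build may carry
        # a backported fix under an unchanged version number, and only callers
        # of lzma_stream_decoder_mt are affected.
        state = "inside" if in_affected_range(number) else "outside"
        print(f"liblzma {format_version(number)}: {state} the affected range")
```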
