CNNVD-202508-3292 Information

CNNVD ID

CNNVD-202508-3292

Related CVE

CVE-2025-58058

• CNNVD Published: 2025-08-28

Description (Chinese)

xz是一个应用软件。用于支持读取和写入xz压缩流。 xz 0.5.14之前版本存在安全漏洞，该漏洞源于LZMA编码字节流头部检测不足，可能导致内存消耗增加。

Description (English)

xz is an application. For reading and writing xz compression streams. Prior to xz 0.5.14, there was a security loophole, which stemmed from the inadequate detection of the LZMA code byte head, which could lead to increased memory consumption.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-08-28

Last Modified

2026-02-24

References

https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9 https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 https://nvd.nist.gov/vuln/detail/CVE-2025-58058

Patch

https://github.com/ulikunitz/xz/tags