Debian Patches

Status for xz-utils/5.8.1-1+deb13u1

Patch Description Author Forwarded Bugs Origin Last update
0001-liblzma-Fix-a-buffer-overflow-in-lzma_index_append.patch liblzma: Fix a buffer overflow in lzma_index_append()
If lzma_index_decoder() was used to decode an Index that contained no
Records, the resulting lzma_index had an invalid internal "prealloc"
value. If lzma_index_append() was called on this lzma_index, too
little memory would be allocated and a buffer overflow would occur.

While this combination of the API functions is meant to work, in the
real-world apps this call sequence is rare or might not exist at all.

This bug is older than xz 5.0.0, so all stable releases are affected.
Lasse Collin <lasse.collin@tukaani.org> no 2026-03-29

All known versions for source package 'xz-utils'

Links