Browse all 3 CVE security advisories affecting tukaani-project. AI-powered Chinese analysis, POCs, and references for each vulnerability.
The tukaani-project develops the XZ Utils data compression software, widely used for efficient file compression across Linux distributions. Historically, the project has faced vulnerabilities including remote code execution flaws in decompression functions and buffer overflow issues in parsing compressed data. While no major public security incidents have been documented, the three CVEs on record highlight potential risks in handling malformed input files. The project's security characteristics emphasize robust input validation and careful memory management to prevent exploitation, though its position in critical system infrastructure makes any vulnerability particularly impactful for downstream users relying on its compression capabilities.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-34743 | XZ Utils: Buffer overflow in lzma_index_append() | xz | CWE-122 | 7.5 (AI) | High (AI) | 2026-04-02 |
| CVE-2025-31115 | XZ has a heap-use-after-free bug in threaded .xz decoder | xz | CWE-366 | 7.5 (AI) | High (AI) | 2025-04-03 |
| CVE-2024-47611 | XZ Utils on Microsoft Windows platform are vulnerable to argument injection | xz | CWE-88 | 9.4 | - | 2024-10-02 |
This page lists every published CVE security advisory associated with tukaani-project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.