QwikSec

Security Database

CVE

CWE

Training

CVE-2026-34743

Published: Apr 2, 2026

Modified: Apr 3, 2026

PUBLISHED

Description

XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.

Vendor	Product	Versions
tukaani-project	xz	affected `< 5.8.3`

Weaknesses (CWE)

References

https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv

x_refsource_CONFIRM

https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87

x_refsource_MISC

https://github.com/tukaani-project/xz/releases/tag/v5.8.3

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2026-34743 - Security Vulnerability | QwikSec