CVE-2026-34743

ADVISORY - nist

Summary

XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.

EPSS Score⁠: 0.00055 (0.172)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-122⁠

Heap-based Buffer Overflow

ADVISORY - redhat

CWE-131⁠

Incorrect Calculation of Buffer Size

Impacted images

Advisories

NIST

CREATED

26 days ago

UPDATED

13 days ago

ADVISORY IDCVE-2026-34743⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-122⁠

CVSS SCORE

1.7low

Alpine

CREATED

3 days ago

UPDATED

9 hours ago

ADVISORY IDCVE-2026-34743⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

27 days ago

UPDATED

4 hours ago

ADVISORY IDCVE-2026-34743⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

26 days ago

UPDATED

4 days ago

ADVISORY IDCVE-2026-34743⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.3low

Red Hat

CREATED

26 days ago

UPDATED

25 days ago

ADVISORY IDCVE-2026-34743⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-131⁠

CVSS SCORE

5.3medium

Photon

CREATED

1 day ago

UPDATED

1 day ago

ADVISORY ID

CVE-2026-34743

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.3medium