Ulikunitz Xz vulnerabilities
2 known vulnerabilities affecting ulikunitz/xz.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2020-16845 (P3, HIGH, CVSS 7.5, CWE-835), fixed in 0.5.8, 2020-08-06
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
nvd
CVE-2025-58058 (P4, MEDIUM, CVSS 5.3, CWE-770), fixed in 0.5.14, 2025-08-28
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current implementation allocates the full decoding buffer directly aft
nvd