CVE-2026-34743
Publication date 2 April 2026
Last updated 2 April 2026
Ubuntu priority
Description
[liblzma: Fix a buffer overflow in lzma_index_append()]
Read the notes from the security team
Why is this CVE low priority?
Issue not likely to affect any real-world applications
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| xz-utils | 25.10 questing |
Needs evaluation
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| 14.04 LTS trusty |
Needs evaluation
|
Notes
mdeslaur
Per xz-utils developers: "The lzma_index functions are rarely used by applications directly. In the few applications that do use these functions, the combination of function calls required to trigger this bug are unlikely to exist, because there typically is no reason to append Records to a decoded lzma_index. Thus, it’s likely that this bug cannot be triggered in any real-world application." Marking this as low priority