Conversation
buherator
buherator
XZ Utils: Threaded decoder frees memory too early (CVE-2025-31115)
https://www.openwall.com/lists/oss-security/2025/04/03/1
"Our belief is that it's highly impractical to exploit on 64-bit systems
where xz was built with PIE (=> ASLR), but that on 32-bit systems,
especially without PIE, it may be doable."
https://www.openwall.com/lists/oss-security/2025/04/03/1
"Our belief is that it's highly impractical to exploit on 64-bit systems
where xz was built with PIE (=> ASLR), but that on 32-bit systems,
especially without PIE, it may be doable."
0
1
3