Sam James <s...@gentoo.org> writes:

> Sam James <s...@gentoo.org> writes:
>
>> # Impact
>>
>> The threaded .xz decoder in liblzma has a bug that can at least result
>> in a crash (denial of service). The effects include heap use after free
>> and writing to an address based on the null pointer plus an offset.
>>
>> This affects XZ Utils versions from 5.3.3alpha to 5.8.0. Applications
>> and libraries that use the lzma_stream_decoder_mt function are affected.
>
> Our belief is that it's highly impractical to exploit on 64-bit systems
> where xz was built with PIE (=> ASLR), but that on 32-bit systems,
> especially without PIE, it may be doable.

I should correct myself here: it's easy to exploit the *crash* (though for liblzma users, it depends on how they ingest files), but not easy to take over the process.