{"id":"GO-2025-3922","summary":"Memory leaks when decoding a corrupted multiple LZMA archives in github.com/ulikunitz/xz","details":"Memory leaks when decoding a corrupted multiple LZMA archives in github.com/ulikunitz/xz","aliases":["CVE-2025-58058","GHSA-jc7w-c686-c4v9"],"modified":"2026-03-17T04:53:39.236925Z","published":"2025-09-17T17:03:38Z","related":["CGA-ph6j-9ffx-7pf8"],"database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2025-3922"},"references":[{"type":"ADVISORY","url":"https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9"},{"type":"FIX","url":"https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2"}],"affected":[{"package":{"name":"github.com/ulikunitz/xz","ecosystem":"Go","purl":"pkg:golang/github.com/ulikunitz/xz"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.5.15"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3922.json"}}],"schema_version":"1.7.5"}