x64nop / nannu.org

CVE-2025-31115: XZ Utils

On the 25th of March I reported to Lasse Collin, the lead maintainer of XZ Utils, a bug I had stumbled upon while I was experimenting with file compressors. I had created a huge pile of files compressed using different tools and I had corrupted them using various methods.

One of the files happened to cause a segmentation fault in xz. It turned out that a mismatch of a single byte in a large .xz block could trigger a "Use After Free" error. UAF happens when a program uses memory it has previously freed.

If you want to know more about the bug, and its fix, read the post by Lasse Collin.
