What is CVE-2024-47611?

CVE-2024-47611 is a vulnerability in Tukaani-project Xz, classified under Argument Injection. Published 2024-10-02.

Is CVE-2024-47611 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Tukaani-project Xz

CVE-2024-47611

XZ Utils provide a general-purpose data-compression library plus command-line tools. When built for native Windows (MinGW-w64 or MSVC), the command line tools from XZ Utils 5.6.2 and older have a command line argument injection vulnerabili…

EPSS: 0.004 (60.1th percentile) — read the EPSS interpretation.

Affected products

Tukaani-project Xz — versions < 5.6.3

Weakness classification (CWE)

Public proof-of-concept exploits

References

https://github.com/tukaani-project/xz/security/advisories/GHSA-m538-c5qw-3cg4 (x_refsource_CONFIRM)
https://github.com/tukaani-project/xz/commit/bf518b9ba446327a062ddfe67e7e0a5baed2394f (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-47611?: CVE-2024-47611 is a vulnerability in Tukaani-project Xz, classified under Argument Injection. Published 2024-10-02.
Is CVE-2024-47611 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.