CVE-2024-25710: Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file

2024-02-18 Thread Gary D. Gregory
Severity: important Affected versions: - Apache Commons Compress 1.3 through 1.25.0 Description: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgra

CVE-2024-26308: Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file

2024-02-18 Thread Gary D. Gregory
Severity: moderate Affected versions: - Apache Commons Compress 1.21 before 1.26.0 Description: Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to

[ANNOUNCE] Apache Commons Compress 1.26.0

2024-02-18 Thread Gary Gregory
The Apache Commons team is pleased to announce Apache Compress 1.26.0. Apache Commons Compress defines an API for working with compression and archive formats. These include bzip2, gzip, pack200, LZMA, XZ, Snappy, traditional Unix Compress, DEFLATE, DEFLATE64, LZ4, Brotli, Zstandard and ar, cpio,