Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-used. This scenario can be triggered if the process is under memory pressure. The fix cleans up the dangling pointer in this specific error condition. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.
Any POC available?
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:10711 https://access.redhat.com/errata/RHSA-2026:10711
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:10745 https://access.redhat.com/errata/RHSA-2026:10745
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:10774 https://access.redhat.com/errata/RHSA-2026:10774
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:10949 https://access.redhat.com/errata/RHSA-2026:10949
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:10950 https://access.redhat.com/errata/RHSA-2026:10950
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:11062 https://access.redhat.com/errata/RHSA-2026:11062
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:11077 https://access.redhat.com/errata/RHSA-2026:11077
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:13692 https://access.redhat.com/errata/RHSA-2026:13692
This issue has been addressed in the following products: RHEL-8 based Middleware Containers Via RHSA-2026:13812 https://access.redhat.com/errata/RHSA-2026:13812
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2026:14653 https://access.redhat.com/errata/RHSA-2026:14653
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:14652 https://access.redhat.com/errata/RHSA-2026:14652
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:14656 https://access.redhat.com/errata/RHSA-2026:14656
This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support Via RHSA-2026:16699 https://access.redhat.com/errata/RHSA-2026:16699
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2026:17525 https://access.redhat.com/errata/RHSA-2026:17525
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2026:17619 https://access.redhat.com/errata/RHSA-2026:17619
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:19019 https://access.redhat.com/errata/RHSA-2026:19019
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:19064 https://access.redhat.com/errata/RHSA-2026:19064
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:19175 https://access.redhat.com/errata/RHSA-2026:19175
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:19176 https://access.redhat.com/errata/RHSA-2026:19176
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:19177 https://access.redhat.com/errata/RHSA-2026:19177
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:19216 https://access.redhat.com/errata/RHSA-2026:19216
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2026:19549 https://access.redhat.com/errata/RHSA-2026:19549
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2026:19571 https://access.redhat.com/errata/RHSA-2026:19571
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:19570 https://access.redhat.com/errata/RHSA-2026:19570
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:19576 https://access.redhat.com/errata/RHSA-2026:19576
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2026:19590 https://access.redhat.com/errata/RHSA-2026:19590
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2026:21682 https://access.redhat.com/errata/RHSA-2026:21682