CGA-249c-xjgg-69ch

Published

Last updated

https://images.chainguard.dev/security/CGA-249c-xjgg-69ch

Package

xeol-fips

Repository

Chainguard

Latest Update

Pending upstream fix

Aliases

CVE-2025-11579
GHSA-rwvp-r38j-9rgg

Severity

5.3

Medium

CVSS V3

References

https://nvd.nist.gov/vuln/detail/CVE-2025-11579
https://github.com/advisories/GHSA-rwvp-r38j-9rgg

Updates

Status

Pending upstream fix

Impact

xeol builds against nwaples/rardecode 1.x which is no longer supported. To remediate this vulnerability, xeol upstream will need to move to depend on at least rardecode 2.2.0 and cut a release.

Status

Affected

Impact

Govulncheck found vulnerable symbols in Go binaries at the following locations: in xeol-fips-0.10.8-r18.apk, at usr/bin/xeol, usr/bin/xeol.

Status

Under investigation

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CGA-249c-xjgg-69ch

Severity

References

Updates

The trusted source for open source

Product

Solutions

Customers

Resources

Company