An out-of-bounds heap read in unlzma leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that internally supports LZMA compression. CREATE(Triage):(User=admin) [CVE-2021-42374|https://nvd.nist.gov/vuln/detail/CVE-2021-42374]