Reading Time: 2 minutes XZ Utils (formerly LZMA Utils) provides a general-purpose data-compression library plus command-line tools. March 29, 2024 is a day that will hardly be forgotten by the open source community: Andres Freund disclosed his findings about the compromise in the XZ Utils, which would enable an attacker to silently gain access to a targeted affected system. CVE-2024-3094 is a vulnerability discovered in the open-source library XZ Utils that stems from malicious code that was pushed into the library by one of its maintainers.