Lz4project Lz4
By the Year
In 2024 there have been 0 vulnerabilities in Lz4project Lz4 . Lz4 did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 9.80 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 8.10 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Lz4 vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Lz4project Lz4 Security Vulnerabilities
There's a flaw in lz4
CVE-2021-3520
9.8 - Critical
- June 02, 2021
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
Integer Overflow or Wraparound
LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications
CVE-2019-17543
8.1 - High
- October 14, 2019
LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Lz4project Lz4 or by Lz4project? Click the Watch button to subscribe.
