Lz4project Lz4
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Lz4project Lz4.
By the Year
In 2026 there have been 0 vulnerabilities in Lz4project Lz4. Last year, in 2025 Lz4 had 1 security vulnerability published. Right now, Lz4 is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 9.80 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 0.00 |
It may take a day or so for new Lz4 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Lz4project Lz4 Security Vulnerabilities
LZ4 <=1.10.0 NULL Check Bypass in LZ4F_createCDict_advanced Causes DoS
CVE-2025-62813
- October 23, 2025
There's a flaw in lz4
CVE-2021-3520
9.8 - Critical
- June 02, 2021
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
Integer Overflow or Wraparound
LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications
CVE-2019-17543
- October 14, 2019
LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Lz4project Lz4 or by Lz4project? Click the Watch button to subscribe.
