By the Year
In 2022 there have been 0 vulnerabilities in Lz4project Lz4 . Last year Lz4 had 1 security vulnerability published. Right now, Lz4 is on track to have less security vulnerabilities in 2022 than it did last year.
It may take a day or so for new Lz4 vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Lz4project Lz4 Security Vulnerabilities
There's a flaw in lz4
9.8 - Critical
- June 02, 2021
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications
8.1 - High
- October 14, 2019
LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."