Lz4 Lz4project Lz4

Do you want an email whenever new security vulnerabilities are reported in Lz4project Lz4?

By the Year

In 2022 there have been 0 vulnerabilities in Lz4project Lz4 . Last year Lz4 had 1 security vulnerability published. Right now, Lz4 is on track to have less security vulnerabilities in 2022 than it did last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 1 9.80
2020 0 0.00
2019 1 8.10
2018 0 0.00

It may take a day or so for new Lz4 vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Lz4project Lz4 Security Vulnerabilities

There's a flaw in lz4

CVE-2021-3520 9.8 - Critical - June 02, 2021

There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.

Memory Corruption

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications

CVE-2019-17543 8.1 - High - October 14, 2019

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."

Memory Corruption

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Lz4project Lz4 or by Lz4project? Click the Watch button to subscribe.

Lz4project
Vendor

subscribe