Lz4 Project - Lz4 CVE

Filtered by vendor Lz4 Project Subscribe

Filtered by product Lz4

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-17543	1 Lz4 Project	1 Lz4	2021-07-23	6.8 MEDIUM	8.1 HIGH
LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."

Vulnerabilities (CVE)