Lucene search

K
cvelistMitreCVELIST:CVE-2019-17543
HistoryOct 14, 2019 - 1:09 a.m.

CVE-2019-17543

2019-10-1401:09:00
mitre
www.cve.org
13
lz4
buffer overflow
data corruption
cve-2019-17543
lz4_compress_destsize.

AI Score

8.2

Confidence

High

EPSS

0.008

Percentile

81.5%

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states “only a few specific / uncommon usages of the API are at risk.”

References