337 matches found
CVE-2026-25920
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, a heap out-of-bounds read vulnerability exists in SumatraPDF's MOBI HuffDic decompressor. The bounds check in AddCdicData only validates half the range that DecodeOne actually accesses. Opening a crafted .mobi file can read...
CVE-2026-25920
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, a heap out-of-bounds read vulnerability exists in SumatraPDF's MOBI HuffDic decompressor. The bounds check in AddCdicData only validates half the range that DecodeOne actually accesses. Opening a crafted .mobi file can read...
sumatrapdf 缓冲区错误漏洞
sumatrapdf is an open-source PDF reader developed by sumatrapdfreader. Versions of sumatrapdf 3.5.2 and earlier have a buffer error vulnerability. This vulnerability stems from heap out-of-bound reading in the MOBI HuffDic decompressor, which may lead to crashes...
lz4-java: lz4-java: Out-of-bounds memory operations lead to denial of service and information disclosure
A flaw was found in lz4-java. This vulnerability allows remote attackers to cause denial of service DoS and read adjacent memory via untrusted compressed input. This vulnerability affects only programs using the unsafe LZ4decompressfast API, known as the "fast" decompressor...
lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing
A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations...
lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing
A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations...
lz4-java: lz4-java: Out-of-bounds memory operations lead to denial of service and information disclosure
A flaw was found in lz4-java. This vulnerability allows remote attackers to cause denial of service DoS and read adjacent memory via untrusted compressed input. This vulnerability affects only programs using the unsafe LZ4decompressfast API, known as the "fast" decompressor...
lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing
A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations...
SUSE CVE-2025-66566
yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is...
MiracleLinux 8 : java-17-openjdk-17.0.2.0.8-4.el8 (AXSA:2022-2986:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-2986:01 advisory. OpenJDK: Incomplete deserialization class filtering in ObjectInputStream Serialization, 8264934 CVE-2022-21248 OpenJDK: Incorrect reading of TIFF...
lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing
A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001895)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001895 advisory. Multiple integer overflows in the lzo1xdecompresssafe function in lib/lzo/lzo1xdecompresssafe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow...
lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing
A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations...
lz4-java: lz4-java: Out-of-bounds memory operations lead to denial of service and information disclosure
A flaw was found in lz4-java. This vulnerability allows remote attackers to cause denial of service DoS and read adjacent memory via untrusted compressed input. This vulnerability affects only programs using the unsafe LZ4decompressfast API, known as the "fast" decompressor...
lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing
A flaw was found in lz4-java. This vulnerability allows disclosure of sensitive data via crafted compressed input due to insufficient clearing of the output buffer in Java-based decompressor implementations...
lz4-java: lz4-java: Out-of-bounds memory operations lead to denial of service and information disclosure
A flaw was found in lz4-java. This vulnerability allows remote attackers to cause denial of service DoS and read adjacent memory via untrusted compressed input. This vulnerability affects only programs using the unsafe LZ4decompressfast API, known as the "fast" decompressor...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the autodecompress feature in the ZLibDecompressor class. An attacker can exhaust system memory by sending a compressed request that, when decompressed, consumes excessive...
CVE-2025-67721
Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. In versions 3.3 and below, incorrect handling of malformed data in Java-based decompressor implementations for Snappy and LZ4 allow remote attackers to read previous buffer contents via...
aircompressor Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer
Summary Incorrect handling of malformed data in Java-based decompressor implementations for Snappy and LZ4 allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is reused without being cleared, this may lead to disclosure of...
CVE-2025-67721 Aircompressor's Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer
Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. In versions 3.3 and below, incorrect handling of malformed data in Java-based decompressor implementations for Snappy and LZ4 allow remote attackers to read previous buffer contents via...