
13 matches found

AstraLinux
added 6 days ago | 4 views

Astra Linux – Vulnerability in lz4

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 related to LZ4_compress_destSize, affecting applications that call LZ4_compress_fast with a large input. This issue can also lead to data corruption. NOTE: The vendor states that “only a few specific/rare uses of the API are at risk.”...

8.1 CVSS | 7.3 AI score | 0.09116 EPSS
Exploits 0 | References 2
OSV
added 2026/06/11 8:34 p.m. | 12 views

GHSA-HV8M-JJ95-WG3X MessagePack's LZ4 decompression may fail with AccessViolationException after dereferencing memory from bad input

Impact: A vulnerability exists in the optional LZ4 decompression path used by MessagePack compression modes Lz4Block and Lz4BlockArray. The decoder implementation is based on a deprecated fast-decompression algorithm that does not take a source-length bound. A remote attacker can send a crafted...

8.2 CVSS | 5.6 AI score | 0.00296 EPSS
Exploits 0 | References 2
Positive Technologies
added 2026/06/11 12:0 a.m. | 11 views

PT-2026-48814

Name of the Vulnerable Software and Affected Versions: MessagePack for C versions prior to 2.5.301; MessagePack for C versions prior to 3.1.7. Description: An issue exists in the optional LZ4 decompression path used by compression modes Lz4Block and Lz4BlockArray. The decoder uses a deprecated...

8.2 CVSS | 6 AI score | 0.00296 EPSS
Exploits 0 | References 5
OSV
added 2026/05/26 7:4 p.m. | 13 views

JLSEC-2026-532

There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability...

9.8 CVSS | 6.8 AI score | 0.03216 EPSS
Exploits 0 | References 10
OSV
added 2026/04/25 12:45 a.m. | 4 views

CLEANSTART-2026-HQ78610 Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java

Multiple security vulnerabilities affect the trino package. Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. See references for individual vulnerability details...

9.8 CVSS | 7.2 AI score | 0.00765 EPSS
Exploits 4 | References 30
CVE
added 2026/03/20 12:49 a.m. | 23 views

CVE-2026-32829

CVE-2026-32829 affects the Rust library lz4_flex, a pure Rust LZ4 implementation. Technical details from the provided sources show that in versions 0.11.5 and earlier, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previously decompress...

8.2 CVSS | 5.7 AI score | 0.00443 EPSS
Exploits 0 | References 3 | Affected Software 1
IBM Security Bulletins
added 2026/02/02 6:37 p.m. | 6 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in yawkat LZ4 Java

Summary: Multiple vulnerabilities in yawkat LZ4 Java that is used by IBM InfoSphere Information Server were addressed. Vulnerability Details: CVEID: CVE-2025-12183. DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and...

8.8 CVSS | 7.4 AI score | 0.0068 EPSS
Exploits 0 | Affected Software 1
RedhatCVE
added 2025/12/17 8:7 a.m. | 6 views

CVE-2025-67721

Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. In versions 3.3 and below, incorrect handling of malformed data in Java-based decompressor implementations for Snappy and LZ4 allows remote attackers to read previous buffer contents via...

6.3 CVSS | 6.9 AI score | 0.00363 EPSS
Exploits 0 | References 1
CVE
added 2025/12/12 10:11 p.m. | 93 views

CVE-2025-67721

CVE-2025-67721 affects Aircompressor (Java) up to version 3.3. Improper handling of malformed data in Java-based Snappy and LZ4 decompressors can cause a read of previous buffer contents when the same output buffer is reused for multiple inputs, e.g., in a web server. This may leak sensitive data...

7.5 CVSS | 6.5 AI score | 0.00363 EPSS
Exploits 0 | References 3 | Affected Software 1
CNNVD
added 2025/12/12 12:0 a.m. | 4 views

Aircompressor Security Vulnerability

Aircompressor is an airlift open source library that ports the Snappy, LZO, LZ4 and Zstandard compression algorithms to Java. Aircompressor 3.3 and earlier versions contain a security vulnerability that stems from improper handling of malformed data by the Snappy and LZ4 decompressors, which coul...

7.5 CVSS | 6.1 AI score | 0.00363 EPSS
Exploits 0 | References 3
BDU FSTEC
added 2023/11/11 12:0 a.m. | 5 views

The vulnerability of the LZ4 data compression algorithm, which allows unauthorized access to confidential data by writing beyond the buffer boundaries, thereby enabling attackers to compromise the integrity of sensitive information and cause service interruptions.

The vulnerability of the lossless LZ4 data compression algorithm is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and even cause service interruptions...

9.3 CVSS | 7.1 AI score | 0.09116 EPSS
Exploits 0 | References 10 | Affected Software 5
OSV
added 2022/03/14 11:15 p.m. | 2 views

DEBIAN-CVE-2021-42387

Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl loop, a 16-bit unsigned user-supplied value 'offset' is read from the compressed data. The offset is later used in the length of a copy operation, without checking the...

8.1 CVSS | 8 AI score | 0.01549 EPSS
Exploits 1 | References 1
OSV
added 2017/06/14 12:0 a.m. | 0 views

UBUNTU-CVE-2017-7773

Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor...

8.8 CVSS | 7.2 AI score | 0.01418 EPSS
Exploits 1 | References 6