yawkat LZ4 Java has a possible information leak in Java safe decompressor

Summary Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is reused without being cleared, this may lea...

CVE-2025-66566 yawkat LZ4 Java has a possible information leak in Java safe decompressor

yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is...

CVE-2025-66566 yawkat LZ4 Java has a possible information leak in Java safe decompressor

yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is...

CVE-2025-66566 yawkat LZ4 Java has a possible information leak in Java safe decompressor

yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is...

yawkat LZ4 Java has a possible information leak in Java safe decompressor

Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is reused without being cleared, this may lead to...

Out-of-bounds Read

Overview org.lz4:lz4-java is a Java port of the LZ4 compression algorithm and the xxHash hashing algorithm. Affected versions of this package are vulnerable to Out-of-bounds Read due to the use of the insecure LZ4decompressfast in the underlying lz4 library, which lacks bounds checks. An attacker...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read due to the use of the insecure LZ4decompressfast in the underlying lz4 library, which lacks bounds checks. An attacker can cause denial of service or access sensitive memory contents by providing specially crafted...

Out-of-bounds Read

Overview net.jpountz.lz4:lz4 is a package for LZ4 compression for Java Affected versions of this package are vulnerable to Out-of-bounds Read due to the use of the insecure LZ4decompressfast in the underlying lz4 library, which lacks bounds checks. An attacker can cause denial of service or acces...