CVE-2018-11498

CVE-2018-11498 affects Lizard v1.0 and LZ5 v2.0. A buffer size check is missing in Lizard_decompress_LIZv1 (lib/lizard_decompress_liz.h) during memcpy, enabling remote attackers to trigger denial of service or remote code execution with crafted input. Sources from CNVD/FreeBSD VuXML/NVD OSV corro...

CVE-2018-16985

In Lizard (formerly LZ5) 2.0, CVE-2018-16985 arises from an invalid memory address in LZ5_compress_continue (lz5_compress.c), related to LZ5_compress_fastSmall and MEM_read32. This leads to a segmentation fault and application crash, causing denial of service. Details on affected products/version...