N/A

There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.

N/A

整数溢出或超界折返

LZ4 输入验证错误漏洞

LZ4是一款无损压缩算法。 LZ4 1:1.9.3-1 存在输入验证错误漏洞，该漏洞源于整数溢出bug导致一个memmove参数变为负数而导致的潜在内存损坏。

N/A

N/A