net.jpountz.lz4:lz4@1.0.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the net.jpountz.lz4:lz4 package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Improper Input Validation

net.jpountz.lz4:lz4 is a package for LZ4 compression for Java.

Affected versions of this package are vulnerable to Improper Input Validation. The lz4_uncompress function in lib/lz4/lz4_decompress.c on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation.

How to fix Improper Input Validation?

Upgrade net.jpountz.lz4:lz4 to version 1.3.0 or higher.

Vulnerable versions: [,1.3.0)
  • M
Denial of Service (DoS)

net.jpountz.lz4:lz4 is a package for LZ4 compression for Java.

Yann Collet LZ4 before r119, when used on certain 32-bit platforms that allocate memory beyond 0x80000000, does not properly detect integer overflows, which allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run, a different vulnerability than CVE-2014-4611.

How to fix Denial of Service (DoS)?

Upgrade net.jpountz.lz4:lz4 to version 1.3.0 or higher.

Vulnerable versions: [,1.3.0)