Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-4715

Yann Collet LZ4 before r119, when used on certain 32-bit platforms that allocate memory beyond 0x80000000, does not properly detect integer overflows, which allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run, a different vulnerability than CVE-2014-4611.

Related bugs and status

CVE-2014-4715 (Candidate) is related to these bugs:

Bug #1403328: Sync lz4 0.0~r122-2 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	1403328	Sync lz4 0.0~r122-2 (universe) from Debian unstable (main)		lz4 (Ubuntu)	Wishlist	Fix Released

Bug #1531923: [MIR] lz4

Summary				In	Importance	Status
	1531923	[MIR] lz4		lz4 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://blog.securitymo...
CONFIRM: http://fastcompression...
CONFIRM: https://code.google.co...
CONFIRM: https://code.google.co...
SECUNIA: 59770