Vulnerability Description
Yann Collet LZ4 before r119, when used on certain 32-bit platforms that allocate memory beyond 0x80000000, does not properly detect integer overflows, which allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run, a different vulnerability than CVE-2014-4611.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yann Collet | Lz4 | <= r118 |
Related Weaknesses (CWE)
References
- http://blog.securitymouse.com/2014/07/i-was-wrong-proving-lz4-exploitable.html
- http://fastcompression.blogspot.fr/2014/07/software-vulnerabilities-how-it-works
- http://secunia.com/advisories/59770
- https://code.google.com/p/lz4/issues/detail?id=134
- https://code.google.com/p/lz4/source/detail?r=119
- http://blog.securitymouse.com/2014/07/i-was-wrong-proving-lz4-exploitable.html
- http://fastcompression.blogspot.fr/2014/07/software-vulnerabilities-how-it-works
- http://secunia.com/advisories/59770
- https://code.google.com/p/lz4/issues/detail?id=134
- https://code.google.com/p/lz4/source/detail?r=119
FAQ
What is CVE-2014-4715?
CVE-2014-4715 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Yann Collet LZ4 before r119, when used on certain 32-bit platforms that allocate memory beyond 0x80000000, does not properly detect integer overflows, which allows context-dependent attackers to cause...
How severe is CVE-2014-4715?
CVE-2014-4715 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-4715?
Check the references section above for vendor advisories and patch information. Affected products include: Yann Collet Lz4.