LZO & LZ4 Security Vulnerabilities Disclosed
The latest open-source security issues uncovered affect LZO and LZ4 and the issues run back years.
Phoronix reader "OxBADCODE" wrote in this morning to share, "Major security issue strikes 2 opensource compression libraries widely used in opensource world: LZO and LZ4. Interestingly, it appeared 20 years ago...While most use cases are not actually vulnerable due to use of blocks which are smaller than it takes to trigger bug, some applications could be vulnerable. Most notably, ffmpeg/libav appears to be affected by these bugs."
The issues were posted by Don A. Bailey of Lab Mouse Security. The LZO security issue is disclosed here and the LZ4 core issue here.
Phoronix reader "OxBADCODE" wrote in this morning to share, "Major security issue strikes 2 opensource compression libraries widely used in opensource world: LZO and LZ4. Interestingly, it appeared 20 years ago...While most use cases are not actually vulnerable due to use of blocks which are smaller than it takes to trigger bug, some applications could be vulnerable. Most notably, ffmpeg/libav appears to be affected by these bugs."
The issues were posted by Don A. Bailey of Lab Mouse Security. The LZO security issue is disclosed here and the LZ4 core issue here.
15 Comments