Another LZ4 Security Issue Analyzed
Written by Michael Larabel in Free Software on 13 July 2014 at 10:19 PM EDT. 7 Comments
At the end of June I mentioned LZO and LZ4 security issues were uncovered while coming to light in the past week was another potential LZ4 security vulnerability for the lossless data compression library.

Phoronix reader OxBADCODE wrote in today explaining, "Another security issue has been found in LZ4 compression library. Buzz around LZ4 and LZO security issues has caused even more thorough code review of LZ4 library. As the result it has been discovered that in some rare circumstances LZ4 can potentially perform undesired memory accesses, which can be security issue on some architectures. This bug is hard to use for practical purposes, only happens on 32-bit architectures and only affects some of them (to the date its only known it could be potentially usable to conduct attacks on ARM). However, it still can be good idea to update LZ4 lib to newer version, r119, where this problem has been corrected."

The latest LZ4 security issue mentioned is this bug and analyzed in greater detail via this blog post.

About The Author
Author picture

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 10,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter or contacted via

Related Free Software News
Popular News
Trending Reviews & Featured Articles