andreyu / Simple Viewer GL / issues / #25 - fixing off-by-one error in lz4.c — Bitbucket

Issue #25 resolved

Blake Childress created an issue 2021-04-06

LZ4 is subject to a heap-based overflow in some use cases. More details found here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-17543

Fix can be made by adding one symbol in lz4.c, found here: https://github.com/lz4/lz4/commit/d7cad81093cd805110291f84d64d385557d0ffba

Since pull requests are not enabled, hopefully this issue finds you well :D

Comments (2)

Andrey Ugolnik repo owner
Thanks, I have updated the LZ4 module to v1.9.3.
- 2021-04-07T16:07:01+00:00
Andrey Ugolnik repo owner
- changed status to resolved
- 2021-04-07T16:07:13+00:00
Log in to comment

Assignee: –

Type: bug

Priority: major

Status: resolved

Version: –

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!