Numeric Errors

CVE-2014-4715

Severity Medium
Score 5/10

Summary

Yann Collet LZ4 prior to r119, when used on certain 32-bit platforms that allocate memory beyond 0x80000000, does not properly detect integer overflows, which allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run. This is a different vulnerability than CVE-2014-4611. Affected packages: net.jpountz.lz4:lz4 (Maven) prior to 1.3.0, python-lz4 prior to v0.8.1, and lz4 (npm) prior to 0.5.2.
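The class of check the summary describes, as an added illustration (not LZ4's source and not code from this advisory): a bounds test that adds a length to a 32-bit address before comparing, next to an overflow-safe form that compares the length with the remaining space. The names `addr32`, `run_fits_wrapping` and `run_fits_checked` are hypothetical, and the addresses and lengths are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model: addresses are 32-bit values, so the wrap-around of a
   32-bit pointer is reproducible on any host, including 64-bit ones. */
typedef uint32_t addr32;

/* Flawed pattern: compute the end of the copy, then compare it with the end
   of the output buffer. The sum is taken modulo 2^32, so a large len can
   wrap to a low address that compares as inside the buffer.
   Returns 1 if the run is accepted. */
static int run_fits_wrapping(addr32 op, addr32 oend, uint32_t len)
{
    addr32 cpy = op + len;
    return cpy <= oend;
}

/* Overflow-safe pattern: compare len with the space that remains. The
   subtraction cannot wrap because op <= oend is established first. */
static int run_fits_checked(addr32 op, addr32 oend, uint32_t len)
{
    if (op > oend)
        return 0;
    return len <= oend - op;
}

int main(void)
{
    /* Constructed values: a 64 KiB output buffer at two base addresses. */
    const addr32 bases[] = { 0x10000000u, 0x90000000u };
    const uint32_t lens[] = { 0x100u, 0x10001u, 0x7FFFFFF0u };

    for (size_t b = 0; b < 2; b++)
        for (size_t i = 0; i < 3; i++) {
            addr32 op = bases[b], oend = bases[b] + 0x10000u;
            printf("base=0x%08X len=0x%08X wrapping=%d checked=%d\n",
                   (unsigned)op, (unsigned)lens[i],
                   run_fits_wrapping(op, oend, lens[i]),
                   run_fits_checked(op, oend, lens[i]));
        }
    return 0;
}
```

In this model the 0x7FFFFFF0 length is rejected by both checks at the low base and is accepted only by the wrapping check at the base above 0x80000000, which is why the flaw depends on where the platform places the buffer.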

  • LOW
  • NETWORK
  • NONE
  • NONE
  • NONE
  • PARTIAL

CWE-189 - Numeric Errors

Weaknesses in this category are related to improper calculation or conversion of numbers.

Advisory Timeline

  • Published