There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
{ "ubuntu_priority": "medium", "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "binary_name": "liblz4-1", "binary_version": "0.0~r114-2ubuntu1+esm2" }, { "binary_name": "liblz4-1-dbg", "binary_version": "0.0~r114-2ubuntu1+esm2" }, { "binary_name": "liblz4-1-dbgsym", "binary_version": "0.0~r114-2ubuntu1+esm2" }, { "binary_name": "liblz4-dev", "binary_version": "0.0~r114-2ubuntu1+esm2" }, { "binary_name": "liblz4-dev-dbgsym", "binary_version": "0.0~r114-2ubuntu1+esm2" }, { "binary_name": "liblz4-tool", "binary_version": "0.0~r114-2ubuntu1+esm2" }, { "binary_name": "liblz4-tool-dbgsym", "binary_version": "0.0~r114-2ubuntu1+esm2" } ] }
{ "ubuntu_priority": "medium", "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "binary_name": "liblz4-1", "binary_version": "0.0~r131-2ubuntu2+esm1" }, { "binary_name": "liblz4-1-dbg", "binary_version": "0.0~r131-2ubuntu2+esm1" }, { "binary_name": "liblz4-1-dbgsym", "binary_version": "0.0~r131-2ubuntu2+esm1" }, { "binary_name": "liblz4-dev", "binary_version": "0.0~r131-2ubuntu2+esm1" }, { "binary_name": "liblz4-dev-dbgsym", "binary_version": "0.0~r131-2ubuntu2+esm1" }, { "binary_name": "liblz4-tool", "binary_version": "0.0~r131-2ubuntu2+esm1" }, { "binary_name": "liblz4-tool-dbgsym", "binary_version": "0.0~r131-2ubuntu2+esm1" } ] }
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "liblz4-1", "binary_version": "0.0~r131-2ubuntu3.1" }, { "binary_name": "liblz4-1-dbg", "binary_version": "0.0~r131-2ubuntu3.1" }, { "binary_name": "liblz4-dev", "binary_version": "0.0~r131-2ubuntu3.1" }, { "binary_name": "liblz4-tool", "binary_version": "0.0~r131-2ubuntu3.1" } ] }
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "liblz4-1", "binary_version": "1.9.2-2ubuntu0.20.04.1" }, { "binary_name": "liblz4-1-dbgsym", "binary_version": "1.9.2-2ubuntu0.20.04.1" }, { "binary_name": "liblz4-dev", "binary_version": "1.9.2-2ubuntu0.20.04.1" }, { "binary_name": "liblz4-tool", "binary_version": "1.9.2-2ubuntu0.20.04.1" }, { "binary_name": "lz4", "binary_version": "1.9.2-2ubuntu0.20.04.1" }, { "binary_name": "lz4-dbgsym", "binary_version": "1.9.2-2ubuntu0.20.04.1" } ] }
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "liblz4-1", "binary_version": "1.9.3-2" }, { "binary_name": "liblz4-1-dbgsym", "binary_version": "1.9.3-2" }, { "binary_name": "liblz4-dev", "binary_version": "1.9.3-2" }, { "binary_name": "liblz4-tool", "binary_version": "1.9.3-2" }, { "binary_name": "lz4", "binary_version": "1.9.3-2" }, { "binary_name": "lz4-dbgsym", "binary_version": "1.9.3-2" } ] }