Description

Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715.

Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.

Note from the SUSE Security Team

The LZ4 compression module is not present in SUSE Linux Enterprise 11, so this codebase is not affected by this problem.

SUSE Bugzilla entries: 883949 [RESOLVED / FIXED], 885389 [RESOLVED / FIXED]

SUSE Security Advisories:
- openSUSE-SU-2014:0924-1, published Mon, 21 Jul 2014 10:05:46 +0200 (CEST)
- openSUSE-SU-2014:1677-1, published Sun, 21 Dec 2014 13:04:41 +0100 (CET)

List of released packages

|Product(s)|Fixed package version(s)|References|
|openSUSE 13.1| |Patchnames:|
|openSUSE Tumbleweed| |Patchnames: openSUSE Tumbleweed GA edje|