Lizard
Monthly
In Lizard (formerly LZ5) 2.0, use of an invalid memory address was discovered in LZ5_compress_continue in lz5_compress.c, related to LZ5_compress_fastSmall and MEM_read32. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In Lizard (formerly LZ5) 2.0, use of an invalid memory address was discovered in LZ5_compress_continue in lz5_compress.c, related to LZ5_compress_fastSmall and MEM_read32. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.