Skip to main content

Lz4 Flex

1 CVEs product

Monthly

CVE-2026-32829 Cargo HIGH PATCH This Week

Information disclosure in lz4_flex compression library versions 0.11.5 and below and 0.12.0 allows attackers to read sensitive data from uninitialized memory or previous decompression operations through crafted LZ4 input that triggers out-of-bounds reads in the block-based decompression API. The vulnerability affects Ubuntu and Debian systems using vulnerable versions of lz4_flex, particularly when the safe-decode feature is disabled. No patch is currently available, leaving affected systems exposed to potential exposure of cryptographic keys and other sensitive data.

Information Disclosure Lz4 Flex
NVD GitHub VulDB
CVSS 4.0
8.2
EPSS
0.0%
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Information disclosure in lz4_flex compression library versions 0.11.5 and below and 0.12.0 allows attackers to read sensitive data from uninitialized memory or previous decompression operations through crafted LZ4 input that triggers out-of-bounds reads in the block-based decompression API. The vulnerability affects Ubuntu and Debian systems using vulnerable versions of lz4_flex, particularly when the safe-decode feature is disabled. No patch is currently available, leaving affected systems exposed to potential exposure of cryptographic keys and other sensitive data.

Information Disclosure Lz4 Flex
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy