2405977 – (CVE-2025-62813) CVE-2025-62813 lz4: LZ4 null handling error

Bug 2405977 (CVE-2025-62813) - CVE-2025-62813 lz4: LZ4 null handling error

Summary: CVE-2025-62813 lz4: LZ4 null handling error

Keywords:
Status:	NEW
Alias:	CVE-2025-62813
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2406136 2406137
Blocks:
TreeView+	depends on / blocked

Reported:	2025-10-23 04:01 UTC by OSIDB Bzimport
Modified:	2025-12-04 11:54 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-10-23 04:01:50 UTC

LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4F_createCDict_advanced in lib/lz4frame.c mishandles NULL checks.

Comment 2 Timothée Ravier 2025-11-03 11:18:10 UTC

Maintainers says that this is not a CVE: https://github.com/lz4/lz4/pull/1593#issuecomment-3459207943

Note You need to log in before you can comment on or make changes to this bug.