2417718 – (CVE-2025-12183) CVE-2025-12183 lz4-java: lz4-java: Out-of-bounds memory operations lead to denial of service and information disclosure

Bug 2417718 (CVE-2025-12183) - CVE-2025-12183 lz4-java: lz4-java: Out-of-bounds memory operations lead to denial of service and information disclosure

Summary: CVE-2025-12183 lz4-java: lz4-java: Out-of-bounds memory operations lead to de...

Keywords:
Status:	NEW
Alias:	CVE-2025-12183
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-11-28 16:01 UTC by OSIDB Bzimport
Modified:	2026-02-04 11:32 UTC (History)
CC List:	80 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2026:1870	None	None	None	2026-02-04 11:32:50 UTC
Red Hat Product Errata	RHSA-2026:1871	None	None	None	2026-02-04 05:13:00 UTC
Red Hat Product Errata	RHSA-2026:1872	None	None	None	2026-02-04 04:47:29 UTC

Description OSIDB Bzimport 2025-11-28 16:01:06 UTC

Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input.

Comment 4 errata-xmlrpc 2026-02-04 04:47:23 UTC

This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.1

Via RHSA-2026:1872 https://access.redhat.com/errata/RHSA-2026:1872

Comment 5 errata-xmlrpc 2026-02-04 05:12:54 UTC

This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9

Via RHSA-2026:1871 https://access.redhat.com/errata/RHSA-2026:1871

Comment 6 errata-xmlrpc 2026-02-04 11:32:44 UTC

This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8

Via RHSA-2026:1870 https://access.redhat.com/errata/RHSA-2026:1870

Note You need to log in before you can comment on or make changes to this bug.

aazores
abrianik
anstephe
asoldano
ataylor
avibelli
bbaranow
bgeorges
bmaxwell
brian.stansberry
ccranfor
chfoley
clement.escoffier
cmah
csutherl
dandread
darran.lofthouse
dhanak
dkreling
dosoudil
drosa
dsoumis
eaguilar
ebaron
eric.wittmann
fjuma
fmariani
fmongiar
ggrzybek
gmalinko
gsmet
ibek
istudens
ivassile
iweiss
janstey
jcantril
jclere
jmartisk
jnethert
jolong
jpechane
jrokos
kverlaen
lthon
manderse
mnovotny
mosmerov
msvehla
nipatil
nwallace
olubyans
pantinor
parichar
pberan
pdelbell
pesilva
pgallagh
pjindal
plodge
pmackay
probinso
rguimara
rkubis
rmaucher
rojacob
rruss
rstancel
rstepani
rsvoboda
sausingh
sbiarozk
smaestri
swoodman
szappis
tasato
tcunning
tom.jenkinson
tqvarnst
yfang