2417718 – (CVE-2025-12183) CVE-2025-12183 lz4-java: lz4-java: Out-of-bounds memory operations lead to denial of service and information disclosure

Bug 2417718 (CVE-2025-12183) - CVE-2025-12183 lz4-java: lz4-java: Out-of-bounds memory operations lead to denial of service and information disclosure

Summary: CVE-2025-12183 lz4-java: lz4-java: Out-of-bounds memory operations lead to de...

Keywords:
Status:	NEW
Alias:	CVE-2025-12183
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-11-28 16:01 UTC by OSIDB Bzimport
Modified:	2025-12-08 20:33 UTC (History)
CC List:	80 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-11-28 16:01:06 UTC

Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input.

Note You need to log in before you can comment on or make changes to this bug.

aazores
abrianik
anstephe
asoldano
ataylor
avibelli
bbaranow
bgeorges
bmaxwell
brian.stansberry
ccranfor
chfoley
clement.escoffier
cmah
csutherl
dandread
darran.lofthouse
dhanak
dkreling
dosoudil
drosa
dsoumis
eaguilar
ebaron
eric.wittmann
fjuma
fmariani
fmongiar
ggrzybek
gmalinko
gsmet
ibek
istudens
ivassile
iweiss
janstey
jcantril
jclere
jmartisk
jnethert
jolong
jpechane
jrokos
jscholz
kverlaen
lthon
manderse
mnovotny
mosmerov
msvehla
nipatil
nwallace
olubyans
pantinor
parichar
pdelbell
pesilva
pgallagh
pjindal
plodge
pmackay
probinso
rguimara
rkubis
rmaucher
rojacob
rruss
rstancel
rstepani
rsvoboda
sausingh
sbiarozk
smaestri
swoodman
szappis
tasato
tcunning
tom.jenkinson
tqvarnst
yfang