CVE-2025-62813

Published: 10/23/2025Modified: 11/4/2025

Description

LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4F_createCDict_advanced in lib/lz4frame.c mishandles NULL checks.

Affected packages (1)

Debian/lz4from 0

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-62813