CVE-2025-62813
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-62813
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62813.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-62813
- Downstream
- Published
- 2025-10-23T04:17:26Z
- Modified
- 2025-10-24T03:50:01.735118Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4FcreateCDictadvanced in lib/lz4frame.c mishandles NULL checks.
- References
Affected packages
Git / github.com/lz4/lz4
Affected ranges
- Type
- GIT
- Repo
- https://github.com/lz4/lz4
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
lz4-r130
r117
r118
r119
r120
r121
r122
r123
r124
r125
r126
r127
r128
r129
r130
r131
rc129v0
v1.*
v1.7.3
v1.7.4
v1.7.4.2
v1.7.5
v1.8.0
v1.8.1
v1.8.1.2
v1.8.2
v1.8.3
v1.9.0
v1.9.1
v1.9.2
Database specific
vanir_signatures
[
{
"signature_type": "Function",
"digest": {
"function_hash": "225782966864926491045288464278832475932",
"length": 24267.0
},
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "unitTests",
"file": "tests/frametest.c"
},
"source": "https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82",
"id": "CVE-2025-62813-113f94e5"
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"332608582304014380467753467143509951841",
"50886572946490946286611918646210099609",
"129398529307472199756518623979529014370",
"324042168469431775028340054983864219021",
"288883537054180006644898713140380269466",
"206256248527652675764643297586053647170",
"203012080813423471672444651209950498288",
"122145250713612736475494194750482000666",
"16632524685976716104385460536201654169",
"238962125557679242507077855820380752536"
],
"threshold": 0.9
},
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "lib/lz4frame.c"
},
"source": "https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82",
"id": "CVE-2025-62813-41d74731"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "97526900605964814508432690058133343948",
"length": 1060.0
},
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "LZ4F_createCDict_advanced",
"file": "lib/lz4frame.c"
},
"source": "https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82",
"id": "CVE-2025-62813-64d4ec06"
},
{
"signature_type": "Function",
"digest": {
"function_hash": "243143041969126542145369150777856054551",
"length": 830.0
},
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "LZ4F_getFrameInfo",
"file": "lib/lz4frame.c"
},
"source": "https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82",
"id": "CVE-2025-62813-8f31516f"
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"103543759960311232541626902268807341579",
"15648141084978597439250461441972195448",
"313961838680455206081658768039495779064",
"145973144811171871169014524178054921231",
"217445093110744554858237585668045982087",
"6479145236002571182534101258166644232"
],
"threshold": 0.9
},
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "tests/frametest.c"
},
"source": "https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82",
"id": "CVE-2025-62813-f475a093"
}
]