Home CVE Database CVE-2014-4607

CVE-2014-4607

Description

An integer overflow may occur when processing any variant of a literal run in the lzo1x_decompress_safe function. Each of these three locations is subject to an integer overflow when processing zero bytes. This exposes the code that copies literals to memory corruption. It should be noted that if the target is 64bit liblzo2, the overflow is still possible, but impractical. An overflow would require so much input data that an attack would be infeasible even in modern computers. This issue is LAZARUS.1

Priority: --
CVSS v3: 0.0
Publish Date: --
Related ID: --
CVSS v2: 0.0
Modified Date: --

Find out more about CVE-2014-4607 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Product Name Status Defect Fixed Downloads
Linux
Wind River Linux LTS 17 Not Vulnerable -- -- --
Wind River Linux 9 Not Vulnerable -- -- --
Wind River Linux 8 Not Vulnerable -- -- --
Wind River Linux LTS 18 Not Vulnerable -- -- --
Wind River Linux LTS 19 Not Vulnerable -- -- --
Wind River Linux CD release Not Vulnerable -- -- --
VxWorks
VxWorks 7 Not Vulnerable -- -- --
VxWorks 6.9 Not Vulnerable -- -- --

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

busybox

Live chat
Online