CVE-2014-4607: Integer Overflow or Wraparound in Liblzo2

Severity: 8.8 HIGH (NVD)
EPSS: 10.3% (top 6.81%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 12; Latest update May 17

Description

Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.
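The mechanism behind this description, as an added example (this is not liblzo2's code and not from the page): the lzo1x decoder grows a literal-run length by 255 for every leading zero byte and then adds 15 plus the terminating byte, and the pre-2.07 output check is a 32-bit comparison of t+3 against the remaining output space. On a 32-bit platform lzo_uint is 32 bits wide, so roughly 16.8 million zero bytes push t to 0xFFFFFFFE, t+3 wraps to 1, the check passes, and the copy loop would write about 4 GiB. The header layout, the guard threshold of 511 and the constructed input are this example's own assumptions; the counter is modelled as uint32_t so the wrap shows on any host.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>

/* Added example, not liblzo2's code. The run length is kept in uint32_t to
 * model lzo_uint on a 32-bit platform regardless of the host word size. */

struct run_hdr {
    uint32_t t32;      /* length as a 32-bit lzo_uint holds it (may wrap) */
    uint64_t t_true;   /* length the stream actually encodes */
    size_t   consumed; /* header bytes consumed */
};

enum { RUN_OK = 0, RUN_INPUT_OVERRUN = -1, RUN_LENGTH_OVERFLOW = -2 };

/* Length-extension rule modelled here (assumption, simplified from lzo1x):
 * every leading zero byte adds 255, the first non-zero byte x adds 15 + x. */

/* Unchecked accumulation, the pre-2.07 shape: the 32-bit counter may wrap. */
int decode_run_unchecked(const uint8_t *ip, size_t in_len, struct run_hdr *h)
{
    size_t i = 0;
    uint32_t t = 0;
    uint64_t t_true = 0;
    while (i < in_len && ip[i] == 0) {
        t += 255u;          /* wraps after ~16.8 million zero bytes */
        t_true += 255u;
        i++;
    }
    if (i >= in_len)
        return RUN_INPUT_OVERRUN;
    t += 15u + ip[i];
    t_true += 15u + ip[i];
    i++;
    h->t32 = t; h->t_true = t_true; h->consumed = i;
    return RUN_OK;
}

/* Guarded accumulation: stop once t is within 511 of UINT32_MAX. The
 * remaining additions (15 + 255 for the terminator, then +3 for the
 * output check) total at most 273, so nothing after this can wrap.
 * Same idea as the 2.07 fix; the exact threshold is this example's choice. */
int decode_run_checked(const uint8_t *ip, size_t in_len, struct run_hdr *h)
{
    size_t i = 0;
    uint32_t t = 0;
    while (i < in_len && ip[i] == 0) {
        t += 255u;
        i++;
        if (t > UINT32_MAX - 511u)
            return RUN_LENGTH_OVERFLOW;
    }
    if (i >= in_len)
        return RUN_INPUT_OVERRUN;
    t += 15u + ip[i];
    i++;
    h->t32 = t; h->t_true = t; h->consumed = i;
    return RUN_OK;
}

/* Output-space check in the pre-2.07 style: NEED_OP(t+3) evaluated in 32 bits.
 * Returns 1 if the check would let the copy proceed. */
int output_check_passes(uint32_t t32, uint32_t out_space)
{
    uint32_t need = t32 + 3u;   /* wraps to 1 when t32 == 0xFFFFFFFE */
    return need <= out_space;
}

/* Bytes the copy loop would really write: t + 3 without wraparound. */
uint64_t true_need_bytes(const struct run_hdr *h)
{
    return h->t_true + 3u;
}

/* Constructed header: n zero bytes followed by terminator x. Caller frees. */
uint8_t *make_header(size_t n, uint8_t x, size_t *len)
{
    uint8_t *buf = calloc(n + 1, 1);
    if (!buf)
        return NULL;
    buf[n] = x;
    *len = n + 1;
    return buf;
}

/* 16843008 * 255 + 15 + 0xEF == 0xFFFFFFFE: t fits in 32 bits, t+3 does not. */
#define WRAP_ZEROS 16843008u
#define WRAP_TERM  0xEFu

/* Returns 1 when the unchecked path accepts a ~4 GiB run as fitting 4 KiB of
 * output while the guarded path rejects the same header; -1 on allocation failure. */
int wrap_case_fools_check(void)
{
    size_t len;
    struct run_hdr h;
    int fooled;
    uint8_t *hdr = make_header(WRAP_ZEROS, WRAP_TERM, &len);
    if (!hdr)
        return -1;
    fooled = decode_run_unchecked(hdr, len, &h) == RUN_OK
          && h.t32 == 0xFFFFFFFEu
          && output_check_passes(h.t32, 4096u)
          && true_need_bytes(&h) == 4294967297ull
          && decode_run_checked(hdr, len, &h) == RUN_LENGTH_OVERFLOW;
    free(hdr);
    return fooled;
}

/* Ordinary short header {0, 0, 7}: 255*2 + 15 + 7 = 532, accepted by both paths. */
uint32_t small_run_length(void)
{
    static const uint8_t hdr[] = { 0, 0, 7 };
    struct run_hdr a, b;
    if (decode_run_unchecked(hdr, sizeof hdr, &a) != RUN_OK ||
        decode_run_checked(hdr, sizeof hdr, &b) != RUN_OK || a.t32 != b.t32)
        return 0;
    return a.t32;
}

int main(void)
{
    printf("wrap case fools pre-2.07 check: %d\n", wrap_case_fools_check());
    printf("small run length: %u\n", small_run_length());
    return 0;
}
```

The point the example makes is that t itself never wraps in the worst case; only the t+3 in the bounds check does, which is why a guard placed inside the accumulation loop (rather than a check on t after the fact) is the right place to stop it. Note the allocation is about 16 MiB, which is also what an attacker has to send.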

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (7 packages)

NVD: oberhumer/liblzo2 < 2.07
NVD: oberhumer/lzo2 < 2.07
Debian: oberhumer/lzo2 < 2.08-1+3
Debian: debian/lzo2 < busybox 1:1.22.0-10 (bookworm)
Debian: debian/busybox < busybox 1:1.22.0-10 (bookworm)

Vulnerability Details (2)

GHSA: GHSA-cmpx-jgrc-px9h: Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 (2022-05-17)
OSV: CVE-2014-4607: Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 (2020-02-12)

Vendor Advisories (4)

Microsoft: Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run. (2020-02-11)
Ubuntu: LZO vulnerability (2014-07-24)
Red Hat: lzo: lzo1x_decompress_safe() integer overflow (2014-06-26)
Debian: CVE-2014-4607: busybox - Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 bef... (2014)

Community (12)

Bugzilla: CVE-2014-4607 dump: lzo: lzo1x_decompress_safe() integer overflow [fedora-all] (2014-08-21)
Bugzilla: CVE-2014-4607 krfb: lzo: lzo1x_decompress_safe() integer overflow [fedora-all] (2014-08-20)
Bugzilla: CVE-2014-4607 icecream: lzo: lzo1x_decompress_safe() integer overflow [epel-all] (2014-08-20)
Bugzilla: CVE-2014-4607 blender: lzo: lzo1x_decompress_safe() integer overflow [fedora-all] (2014-08-20)
Bugzilla: CVE-2014-4607 icecream: lzo: lzo1x_decompress_safe() integer overflow [fedora-all] (2014-08-20)