{"id":"CVE-2019-17543","details":"LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\"","modified":"2026-04-16T00:00:16.664088473Z","published":"2019-10-14T02:15:10.873Z","related":["ALSA-2025:11035","SUSE-SU-2019:2757-1","SUSE-SU-2021:1613-1","openSUSE-SU-2019:2398-1","openSUSE-SU-2019:2399-1","openSUSE-SU-2024:11034-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00069.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00070.html"},{"type":"WEB","url":"https://lists.apache.org/thread.html/25015588b770d67470b7ba7ea49a305d6735dd7f00eabe7d50ec1e17%40%3Cissues.arrow.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/543302d55e2d2da4311994e9b0debdc676bf3fd05e1a2be3407aa2d6%40%3Cissues.arrow.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/793012683dc0fa6819b7c2560e6cf990811014c40c7d75412099c357%40%3Cissues.arrow.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/9ff0606d16be2ab6a81619e1c9e23c3e251756638e36272c8c8b7fa3%40%3Cissues.arrow.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/f0038c4fab2ee25aee849ebeff6b33b3aa89e07ccfb06b5c87b36316%40%3Cissues.arrow.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/f506bc371d4a068d5d84d7361293568f61167d3a1c3e91f0def2d7d3%40%3Cdev.arrow.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r0fb226357e7988a241b06b93bab065bcea2eb38658b382e485960e26%40%3Cissues.kudu.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r4068ba81066792f2b4d208b39c4c4713c5d4c79bd8cb6c1904af5720%40%3Cissues.kudu.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r7bc72200f94298bc9a0e35637f388deb53467ca4b2e2ad1ff66d8960%40%3Cissues.kudu.apache.org%3E"},{"type":"WEB","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"WEB","url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"type":"ADVISORY","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15941"},{"type":"ADVISORY","url":"https://github.com/lz4/lz4/compare/v1.9.1...v1.9.2"},{"type":"ADVISORY","url":"https://github.com/lz4/lz4/issues/801"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210723-0001/"},{"type":"FIX","url":"https://github.com/lz4/lz4/pull/756"},{"type":"FIX","url":"https://github.com/lz4/lz4/pull/760"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/lz4/lz4","events":[{"introduced":"0"},{"fixed":"fdf2ef5809ca875c454510610764d9125ef2ebbd"}],"database_specific":{"cpe":"cpe:2.3:a:lz4_project:lz4:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"1.9.2"}]}}],"versions":["r117","r118","r119","r120","r121","r122","r123","r124","r125","r126","r127","r128","r129","rc129v0","v1.7.3","v1.7.4","v1.8.1.2"],"database_specific":{"vanir_signatures":[{"deprecated":false,"signature_type":"Function","id":"CVE-2019-17543-b1728100","signature_version":"v1","source":"https://github.com/lz4/lz4/commit/fdf2ef5809ca875c454510610764d9125ef2ebbd","target":{"file":"tests/frametest.c","function":"fuzzerTests"},"digest":{"function_hash":"61011784323741544421519885770648292192","length":6841}},{"deprecated":false,"signature_type":"Line","id":"CVE-2019-17543-f2e73d94","signature_version":"v1","source":"https://github.com/lz4/lz4/commit/fdf2ef5809ca875c454510610764d9125ef2ebbd","target":{"file":"tests/frametest.c"},"digest":{"line_hashes":["325100058228336016223022397709697290259","200105775490831143229869207908691188226","165779088698909068794914726885539428532","83614538809166404914961511938413066878"],"threshold":0.9}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-17543.json","vanir_signatures_modified":"2026-04-11T20:52:56Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}