{"id":"USN-2300-1","summary":"lzo2 vulnerability","details":"Don A. Bailey discovered that LZO incorrectly handled certain input data.\nAn attacker could use this issue to cause LZO to crash, resulting in a\ndenial of service, or possibly execute arbitrary code.\n","modified":"2026-02-10T04:40:49Z","published":"2014-07-24T13:15:23Z","related":["UBUNTU-CVE-2014-4607"],"upstream":["CVE-2014-4607","UBUNTU-CVE-2014-4607"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2300-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-4607"}],"affected":[{"package":{"name":"lzo2","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/lzo2@2.06-1.2ubuntu1.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.06-1.2ubuntu1.1"}]}],"versions":["2.06-1.2","2.06-1.2ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"2.06-1.2ubuntu1.1","binary_name":"liblzo2-2"},{"binary_version":"2.06-1.2ubuntu1.1","binary_name":"liblzo2-dev"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2300-1.json","cves_map":{"cves":[{"id":"CVE-2014-4607","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:14.04:LTS"}}}],"schema_version":"1.7.3"}