LZO: Multiple vulnerabilities

An integer overflow in LZO might allow remote attackers to execute arbitrary code or cause a Denial of Service condition.

lzo 2017-01-02 2017-01-02 515238 remote 2.08 2.08

LZO is an extremely fast compression and decompression library.

LZO is vulnerable to an integer overflow condition in the “lzo1x_decompress_safe” function which could result in a possible buffer overrun when processing maliciously crafted compressed input data.
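The class of bug described above, as an added illustration that is not LZO's source code and not part of the advisory: a length check passes because the addition inside it wraps, shown next to an overflow-aware form. The length encoding, the 16-bit `len_t`, the `TRAILER` constant and all function names are assumptions, chosen so the wrap appears with a small constructed input.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified model, NOT LZO source. Assumed encoding: each 0x00 byte adds 255
 * to a run length; the first non-zero byte is added and ends the field. */
typedef uint16_t len_t;   /* 16 bits so a small constructed input wraps */
#define LEN_MAX 65535u
#define TRAILER 3u        /* bytes the decoder still needs after the run */

/* 0 = ok, -1 = input ended early, -2 = length too large (checked mode only) */
static int decode_len(const uint8_t *ip, size_t n, int checked, len_t *out) {
    len_t t = 0; size_t i = 0;
    for (; i < n && ip[i] == 0; i++) {
        if (checked && t > LEN_MAX - TRAILER - 255u) return -2;
        t = (len_t)(t + 255u);   /* wraps silently when unchecked */
    }
    if (i == n) return -1;
    if (checked && t > LEN_MAX - TRAILER - ip[i]) return -2;
    *out = (len_t)(t + ip[i]);
    return 0;
}

/* Weak: t + TRAILER is evaluated in len_t, so a huge t looks small. */
static int accepts_weak(const uint8_t *ip, size_t n, len_t avail) {
    len_t t;
    if (decode_len(ip, n, 0, &t) != 0) return 0;
    return (len_t)(t + TRAILER) <= avail;
}

/* Hardened: bound t while decoding, then compare without adding to t. */
static int accepts_safe(const uint8_t *ip, size_t n, len_t avail) {
    len_t t;
    if (decode_len(ip, n, 1, &t) != 0) return 0;
    return avail >= TRAILER && t <= avail - TRAILER;
}

/* Constructed sample: 256 zero bytes then 0xFF decodes to 65535. */
static size_t make_wrapping_input(uint8_t *buf, size_t cap) {
    if (cap < 257) return 0;
    memset(buf, 0, 256);
    buf[256] = 0xFF;
    return 257;
}

int main(void) {
    uint8_t buf[257];
    size_t n = make_wrapping_input(buf, sizeof buf);
    return !(accepts_weak(buf, n, 16) && !accepts_safe(buf, n, 16));
}
```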

A remote attacker could send specially crafted compressed input data possibly resulting in a Denial of Service condition or arbitrary code execution.

There is no known workaround at this time.

All LZO users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/lzo-2.08"

CVE-2014-4607

BlueKnight BlueKnight