pseitz lz4_flex CVE Vulnerabilities (1)

CVEs: 1 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting pseitz lz4_flex (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

CVE	Summary	Source	Max CVSS	EPSS %	Published	Updated
CVE-2026-32829	lz4_flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values during LZ4 "match copy operations," allowing out-of-bounds reads from the output buffer. The block-based API functions (`decompress_into`, `decompress_into_with_dict`, and others when `safe-decode` is	[email protected]	8.2	0.44%	2026-03-20	2026-06-17

cvelogic Threat Intelligence