DEBIAN-CVE-2014-4611

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2014-4611

Published: 03 Jul 2014, 04:22

Last modified:28 Apr 2026, 20:13

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

03 Jul 2014, 04:22

Published

Vulnerability first disclosed

28 Apr 2026, 20:13

Last Modified

Vulnerability information updated

Description

Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715.

Affected Systems

debian•linux
< 3.14.9-1 | < 3.14.9-1 | < 3.14.9-1 | < 3.14.9-1
debian•lz4
< 0.0~r119-1 | < 0.0~r119-1 | < 0.0~r119-1 | < 0.0~r119-1

References (1)

https://security-tracker.debian.org/tracker/CVE-2014-4611