lz4: heap-based buffer overflow in LZ4_write32 (CVE-2019-17543)

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."

References:

https://nvd.nist.gov/vuln/detail/CVE-2019-17543
https://github.com/lz4/lz4/pull/756
https://github.com/lz4/lz4/pull/760

Affected branches:

Edited Apr 02, 2021 by Leo

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information