VYPR
High severity 7.3 · NVD Advisory · Published Jul 3, 2014 · Updated Jun 17, 2026

CVE-2014-4608

Description

Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype."

Affected products

9
  • cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
  • Linux/Kernel (2 versions)
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (range: <3.15.2)
    • (no CPE) (range: <3.15.2)
  • cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*

References

22
