High severity · OSV Advisory · Published Nov 28, 2025 · Updated Apr 15, 2026
CVE-2025-12183
Description
Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| at.yawk.lz4:lz4-java (Maven) | < 1.8.1 | 1.8.1 |
| org.lz4:lz4-java (Maven) | < 1.8.1 | 1.8.1 |
| org.lz4:lz4-pure-java (Maven) | <= 1.8.0 | — |
| net.jpountz.lz4:lz4 (Maven) | <= 1.3.0 | — |
Affected products: 1
Patches: 1
- d041c28d3d4c
References (6)
- github.com/advisories/GHSA-vqf4-7m7x-wgfc (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-12183 (ghsa, ADVISORY)
- www.openwall.com/lists/oss-security/2025/12/01/5 (nvd, WEB)
- github.com/yawkat/lz4-java/releases/tag/v1.8.1 (nvd, WEB)
- sites.google.com/sonatype.com/vulnerabilities/cve-2025-12183 (ghsa, WEB)
- www.sonatype.com/security-advisories/cve-2025-12183 (nvd, WEB)