VYPR

Maven package

org.lz4/lz4-pure-java

pkg:maven/org.lz4/lz4-pure-java

Vulnerabilities (2)

  • CVE-2025-66566HigDec 5, 2025
    affected <= 1.8.1

    yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the

  • CVE-2025-12183HigNov 28, 2025
    affected <= 1.8.0

    Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input.