{"id":"CVE-2014-4608","details":"Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run.  NOTE: the author of the LZO algorithms says \"the Linux kernel is *not* affected; media hype.","modified":"2026-04-10T03:43:53.260561Z","published":"2014-07-03T04:22:15Z","related":["SUSE-RU-2015:0621-1","SUSE-SU-2015:0481-1","SUSE-SU-2015:0581-1","SUSE-SU-2015:0736-1","SUSE-SU-2015:1174-1","SUSE-SU-2015:1376-1"],"database_specific":{"isDisputed":true},"references":[{"type":"ADVISORY","url":"http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2015-0062.html"},{"type":"ADVISORY","url":"http://secunia.com/advisories/60011"},{"type":"ADVISORY","url":"http://secunia.com/advisories/60174"},{"type":"ADVISORY","url":"http://secunia.com/advisories/62633"},{"type":"ADVISORY","url":"http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2"},{"type":"ADVISORY","url":"http://www.oberhumer.com/opensource/lzo/"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2014/06/26/21"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/68214"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2416-1"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2417-1"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2418-1"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2419-1"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2420-1"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2421-1"},{"type":"ADVISORY","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1113899"},{"type":"ADVISORY","url":"https://github.com/torvalds/linux/commit/206a81c18401c0cde6e579164f752c4b147324ce"},{"type":"ARTICLE","url":"http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html"},{"type":"ARTICLE","url":"http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html"},{"type":"ARTICLE","url":"http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2014/06/26/21"},{"type":"FIX","url":"https://github.com/torvalds/linux/commit/206a81c18401c0cde6e579164f752c4b147324ce"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1113899"},{"type":"WEB","url":"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=206a81c18401c0cde6e579164f752c4b147324ce"},{"type":"WEB","url":"https://www.securitymouse.com/lms-2014-06-16-2"}],"schema_version":"1.7.5"}