{"id":"CVE-2018-11498","details":"In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function (lib/lizard_decompress_liz.h). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted input file, as well as achieve remote code execution.","modified":"2026-07-08T05:50:50.225410232Z","published":"2018-05-26T20:29:00.357Z","database_specific":{"unresolved_ranges":[{"vendor_product":"lizard_project:lz5","cpes":["cpe:2.3:a:lizard_project:lz5:2.0:*:*:*:*:*:*:*"],"source":"CPE_STRING","extracted_events":[{"introduced":"2.0"},{"last_affected":"2.0"}]}]},"references":[{"type":"ADVISORY","url":"https://github.com/inikep/lizard/issues/16"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/inikep/lizard","events":[{"introduced":"46c50f0b4bc15c53c6dbed87756bce2ca5556ccd"},{"last_affected":"46c50f0b4bc15c53c6dbed87756bce2ca5556ccd"}],"database_specific":{"cpe":"cpe:2.3:a:lizard_project:lizard:1.0:*:*:*:*:*:*:*","extracted_events":[{"introduced":"1.0"},{"last_affected":"1.0"}],"source":"CPE_STRING"}}],"versions":["1.0","v1.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11498.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}