{"id":"CVE-2018-16985","details":"In Lizard (formerly LZ5) 2.0, use of an invalid memory address was discovered in LZ5_compress_continue in lz5_compress.c, related to LZ5_compress_fastSmall and MEM_read32. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.","modified":"2026-03-14T09:28:16.412002Z","published":"2018-09-13T14:29:00.327Z","references":[{"type":"EVIDENCE","url":"https://github.com/inikep/lizard/issues/18"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/inikep/lizard","events":[{"introduced":"0"},{"last_affected":"6d3d5d53c8eb39372912b91d935ac4bcc63ac679"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.0"}]}}],"versions":["r131b","r132","v1.3.3","v1.4","v1.4.1","v1.5","v2.0","v2.0rc","v2.0rc2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16985.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}