{"id":"CVE-2025-62813","details":"LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4F_createCDict_advanced in lib/lz4frame.c mishandles NULL checks.","modified":"2026-04-12T18:47:03.869709Z","published":"2025-10-23T04:17:26Z","related":["openSUSE-SU-2025:15675-1","openSUSE-SU-2025:15678-1","openSUSE-SU-2025:15679-1","openSUSE-SU-2025:15688-1"],"references":[{"type":"FIX","url":"https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82"},{"type":"FIX","url":"https://github.com/lz4/lz4/pull/1593"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/lz4/lz4","events":[{"introduced":"0"},{"fixed":"f64efec011c058bd70348576438abac222fe6c82"}]}],"versions":["r117","r118","r119","r120","r121","r122","r123","r124","r125","r126","r127","r128","r129","rc129v0","v1.7.3","v1.7.4","v1.8.1.2","v1.9.2"],"database_specific":{"vanir_signatures":[{"digest":{"function_hash":"225782966864926491045288464278832475932","length":24267},"signature_version":"v1","source":"https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82","target":{"function":"unitTests","file":"tests/frametest.c"},"signature_type":"Function","id":"CVE-2025-62813-113f94e5","deprecated":false},{"digest":{"line_hashes":["332608582304014380467753467143509951841","50886572946490946286611918646210099609","129398529307472199756518623979529014370","324042168469431775028340054983864219021","288883537054180006644898713140380269466","206256248527652675764643297586053647170","203012080813423471672444651209950498288","122145250713612736475494194750482000666","16632524685976716104385460536201654169","238962125557679242507077855820380752536"],"threshold":0.9},"signature_version":"v1","source":"https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82","target":{"file":"lib/lz4frame.c"},"signature_type":"Line","id":"CVE-2025-62813-41d74731","deprecated":false},{"digest":{"function_hash":"97526900605964814508432690058133343948","length":1060},"signature_version":"v1","source":"https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82","target":{"function":"LZ4F_createCDict_advanced","file":"lib/lz4frame.c"},"signature_type":"Function","id":"CVE-2025-62813-64d4ec06","deprecated":false},{"digest":{"function_hash":"243143041969126542145369150777856054551","length":830},"signature_version":"v1","source":"https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82","target":{"function":"LZ4F_getFrameInfo","file":"lib/lz4frame.c"},"signature_type":"Function","id":"CVE-2025-62813-8f31516f","deprecated":false},{"digest":{"line_hashes":["103543759960311232541626902268807341579","15648141084978597439250461441972195448","313961838680455206081658768039495779064","145973144811171871169014524178054921231","217445093110744554858237585668045982087","6479145236002571182534101258166644232"],"threshold":0.9},"signature_version":"v1","source":"https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82","target":{"file":"tests/frametest.c"},"signature_type":"Line","id":"CVE-2025-62813-f475a093","deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62813.json","vanir_signatures_modified":"2026-04-12T18:47:03Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}]}