{"id":"UBUNTU-CVE-2014-4607","details":"Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.","modified":"2026-02-04T03:32:35.353333Z","published":"2014-07-09T00:00:00Z","related":["USN-2300-1"],"upstream":["CVE-2014-4607"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-4607"},{"type":"REPORT","url":"https://rhn.redhat.com/errata/RHSA-2014-0861.html"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2300-1"},{"type":"REPORT","url":"http://www.kde.org/info/security/advisory-20140803-1.txt"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2014-4607"}],"affected":[{"package":{"name":"krfb","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/krfb@4:4.13.0-0ubuntu1.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4:4.13.0-0ubuntu1.1"}]}],"versions":["4:4.11.2-0ubuntu1","4:4.11.80-0ubuntu1","4:4.11.95-0ubuntu1","4:4.11.97-0ubuntu1","4:4.12.0-0ubuntu1","4:4.12.1-0ubuntu1","4:4.12.2-0ubuntu1","4:4.12.3-0ubuntu1","4:4.12.90-0ubuntu1","4:4.12.95-0ubuntu1","4:4.12.97-0ubuntu1","4:4.13.0-0ubuntu1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"4:4.13.0-0ubuntu1.1","binary_name":"krfb"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-4607.json"}},{"package":{"name":"lzo2","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/lzo2@2.06-1.2ubuntu1.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.06-1.2ubuntu1.1"}]}],"versions":["2.06-1.2","2.06-1.2ubuntu1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.06-1.2ubuntu1.1","binary_name":"liblzo2-2"},{"binary_version":"2.06-1.2ubuntu1.1","binary_name":"liblzo2-dev"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-4607.json"}},{"package":{"name":"grub2","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/grub2@2.04-1ubuntu26.8?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.04-1ubuntu26.8"}]}],"versions":["2.04-1ubuntu12","2.04-1ubuntu13","2.04-1ubuntu14","2.04-1ubuntu16","2.04-1ubuntu18","2.04-1ubuntu20","2.04-1ubuntu21","2.04-1ubuntu22","2.04-1ubuntu23","2.04-1ubuntu24","2.04-1ubuntu25","2.04-1ubuntu26","2.04-1ubuntu26.1","2.04-1ubuntu26.2","2.04-1ubuntu26.3","2.04-1ubuntu26.4","2.04-1ubuntu26.6","2.04-1ubuntu26.7"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub-common"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub-coreboot"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub-coreboot-bin"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub-efi"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub-efi-amd64"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub-efi-amd64-bin"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub-efi-amd64-signed-template"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub-efi-arm"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub-efi-arm-bin"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub-efi-arm64"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub-efi-arm64-bin"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub-efi-arm64-signed-template"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub-efi-ia32"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub-efi-ia32-bin"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub-emu"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub-firmware-qemu"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub-ieee1275"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub-ieee1275-bin"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub-linuxbios"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub-pc"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub-pc-bin"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub-rescue-pc"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub-theme-starfield"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub-uboot"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub-uboot-bin"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub-xen"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub-xen-bin"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub-xen-host"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub2"},{"binary_version":"2.04-1ubuntu26.8","binary_name":"grub2-common"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-4607.json"}},{"package":{"name":"grub2-signed","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/grub2-signed@1.142.10?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.142.10"}]}],"versions":["1.128","1.129","1.130","1.131","1.133","1.134","1.135","1.136","1.137","1.138","1.139","1.140","1.141","1.142","1.142.1","1.142.3","1.142.4","1.142.5","1.142.6","1.142.8","1.142.9"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"1.142.10+2.04-1ubuntu26.8","binary_name":"grub-efi-amd64-signed"},{"binary_version":"1.142.10+2.04-1ubuntu26.8","binary_name":"grub-efi-arm64-signed"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-4607.json"}},{"package":{"name":"grub2-unsigned","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/grub2-unsigned@2.04-1ubuntu47.4?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.04-1ubuntu47.4"}]}],"versions":["2.04-1ubuntu44","2.04-1ubuntu44.2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.04-1ubuntu47.4","binary_name":"grub-efi-amd64"},{"binary_version":"2.04-1ubuntu47.4","binary_name":"grub-efi-amd64-bin"},{"binary_version":"2.04-1ubuntu47.4","binary_name":"grub-efi-arm64"},{"binary_version":"2.04-1ubuntu47.4","binary_name":"grub-efi-arm64-bin"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-4607.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}