PT-2014-6020 · Lzo+5 · Liblzo2+6

Don A. Bailey

Published

2014-07-08

Updated

2024-06-15

CVE-2014-4607

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions liblzo2 versions prior to 2.07 lzo-2 versions prior to 2.07

Description The issue is related to an integer overflow in the LZO algorithm variant. This might allow remote attackers to execute arbitrary code via a crafted Literal Run. The estimated number of potentially affected devices is not specified.

Recommendations For liblzo2 versions prior to 2.07, update to version 2.07 or later. For lzo-2 versions prior to 2.07, update to version 2.07 or later. As a temporary workaround, consider restricting access to the LZO algorithm variant until a patch is available.

Exploit

Fix

RCE

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALT-PU-2014-1929

AZL-40776

CESA-2014_0861

CVE-2014-4607

DLA-1445-1

DLA-2559-1

DLA-35-1

DSA-2995-1

MGASA-2014-0290

MGASA-2014-0351

MGASA-2014-0352

MGASA-2014-0355

MGASA-2014-0356

MGASA-2014-0357

MGASA-2014-0358

MGASA-2014-0359

MGASA-2014-0360

MGASA-2014-0361

MGASA-2014-0362

MGASA-2014-0363

MGASA-2014-0378

MGASA-2014-0432

OPENSUSE-SU-2024:10342-1

OPENSUSE-SU-2024:10854-1

OPENSUSE-SU-2024:11089-1

RHSA-2014:0861

RHSA-2014_0861

SUSE-SU-2014_0904-1

SUSE-SU-2014_0955-1

USN-2300-1

Affected Products

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Liblzo2

Lzo-2

PT-2014-6020 · Lzo+5 · Liblzo2+6

CVE-2014-4607

Weakness Enumeration

Related Identifiers

Affected Products

References · 104