PT-2025-51030 · Unknown · Aircompressor

Published: 2025-12-12 · Updated: 2026-05-18 · CVE-2025-67721

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Aircompressor versions 3.3 and below

Description: Aircompressor is a Java library providing ports of Snappy, LZO, LZ4, and Zstandard compression algorithms. Incorrect handling of malformed data in the Java-based decompressor implementations for Snappy and LZ4 allows remote attackers to read previous buffer contents via crafted compressed input. With specific crafted compressed inputs, elements from the output buffer can appear in the uncompressed output, potentially exposing sensitive data. This is particularly relevant for applications that reuse the same output buffer for multiple decompression operations, such as web servers utilizing fixed-size buffers for performance.

Recommendations: Update to version 3.4 or later.

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CLEANSTART-2026-DO09088
CLEANSTART-2026-HQ78610
CLEANSTART-2026-RM01950
CVE-2025-67721
GHSA-VX9Q-RHV9-3JVG

Affected Products

Aircompressor