CVE-2014-4715

Priority
Description
Yann Collet LZ4 before r119, when used on certain 32-bit platforms that
allocate memory beyond 0x80000000, does not properly detect integer
overflows, which allows context-dependent attackers to cause a denial of
service (memory corruption) or possibly have unspecified other impact via a
crafted Literal Run, a different vulnerability than CVE-2014-4611.
Ubuntu-Description
It was discovered that LZ4 incorrectly handled integers. An attacker could
possibly use this issue to cause a denial of service or other unspecified
impact.
Notes
Package
Source: eet (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Source: efl (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not present)
Ubuntu 19.10 (Eoan Ermine):not-affected (code not present)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (code not present)
Ubuntu 20.10 (Groovy Gorilla):not-affected (code not present)
Package
Priority: Low
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected [42.0+build2-0ubuntu0.12.04.1])
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [42.0+build2-0ubuntu0.14.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (42.0+build2-0ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (42.0+build2-0ubuntu1)
Ubuntu 19.10 (Eoan Ermine):not-affected (42.0+build2-0ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (42.0+build2-0ubuntu1)
Ubuntu 20.10 (Groovy Gorilla):not-affected (42.0+build2-0ubuntu1)
Package
Source: grub2 (LP Ubuntu Debian)
Priority: Low
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 19.10 (Eoan Ermine):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):needs-triage
Ubuntu 20.10 (Groovy Gorilla):needs-triage
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not present)
Ubuntu 19.10 (Eoan Ermine):not-affected (code not present)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (code not present)
Ubuntu 20.10 (Groovy Gorilla):not-affected (code not present)
Package
Source: lz4 (LP Ubuntu Debian)
Upstream:released (0.0~r119-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (0.0~r131-2)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (0.0~r131-2)
Ubuntu 19.10 (Eoan Ermine):not-affected (0.0~r131-2)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (0.0~r131-2)
Ubuntu 20.10 (Groovy Gorilla):not-affected (0.0~r131-2)
Patches:
Upstream:https://github.com/lz4/lz4/commit/1411c2b6740b92cbe258465a20f43e8de6098a8f
Upstream:https://github.com/lz4/lz4/commit/3a9427237dae41c0abd0a07d8ac862cbb9a037c3
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not present)
Ubuntu 19.10 (Eoan Ermine):not-affected (code not present)
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 19.10 (Eoan Ermine):not-affected
Ubuntu 20.04 LTS (Focal Fossa):not-affected
Ubuntu 20.10 (Groovy Gorilla):not-affected
Package
Priority: Low
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected [1:38.4.0+build3-0ubuntu0.12.04.1])
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [1:38.4.0+build3-0ubuntu0.14.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (1:38.3.0+build1-0ubuntu2)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1:38.3.0+build1-0ubuntu2)
Ubuntu 19.10 (Eoan Ermine):not-affected (1:38.3.0+build1-0ubuntu2)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (1:38.3.0+build1-0ubuntu2)
Ubuntu 20.10 (Groovy Gorilla):not-affected (1:38.3.0+build1-0ubuntu2)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 LTS (Focal Fossa):DNE
Ubuntu 20.10 (Groovy Gorilla):DNE
More Information

Updated: 2020-05-07 04:14:38 UTC (commit 18413556f52da4f035bf11f7e365fefa1a2e4a18)