CVE-2019-17543: Buffer Overflow

Published Oct 14, 2019
·
Updated

LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."

Affected Software

1 affected component
Lz4 Project Lz4<1.9.2

Remediation

Patch Available

https://github.com/lz4/lz4/pull/756

Patch Available

https://github.com/lz4/lz4/pull/760

Event History

Oct 14, 2019
CVE Published
via MITRE·01:09 AM
Data Sourced
via MITRE·01:09 AM
Description
Jan 30, 2026
Data Sourced
via IBM·12:00 AM
DescriptionAffected Software
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is CVE-2019-17543?

CVE-2019-17543 is a vulnerability in LZ4 before version 1.9.2 that allows for a heap-based buffer overflow in LZ4_write32, leading to potential data corruption. It affects applications that call LZ4_compress_fast with a large input.

2

What is the severity of CVE-2019-17543?

The severity of CVE-2019-17543 is high, with a CVSS score of 8.1.

3

Which software is affected by CVE-2019-17543?

IBM Security Verify Access versions up to but excluding 1.9.2 are affected by CVE-2019-17543.

4

How can I fix CVE-2019-17543?

To fix CVE-2019-17543, upgrade LZ4 to version 1.9.2 or later.

5

Are there any references related to CVE-2019-17543?

Yes, you can find more information about CVE-2019-17543 at the following references: [Link 1](http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00069.html), [Link 2](http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00070.html), [Link 3](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15941).

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203