CVE-2025-62813
Description
LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4F_createCDict_advanced in lib/lz4frame.c mishandles NULL checks.
How to fix CVE-2025-62813
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- Debian/lz4: no fix listed
Is CVE-2025-62813 being exploited?
No exploitation signal available. Neither CISA KEV nor a current EPSS score has been published for CVE-2025-62813.
Affected packages (1)
- from 0