Vulnerabilities in LZO and LZ4 compression libraries
Recently disclosed vulnerabilities in the LZO and LZ4 compression libraries could allow remote code execution under certain circumstances. While these libraries are used by a large number of platforms and applications, not all programs may be vulnerable to exploitation.
US-CERT recommends that all developers who either implement or import the LZO or LZ4 libraries into their software check for susceptibility to CVE-2014-4608, CVE-2014-4715, and CVE-2014-4611.
Users and administrators should apply software security updates as they become available.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-41940 WebPros…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2024-1708 ConnectWise ScreenConnect Path…