Security vulnerabilities and automated fixes for decompression issues
1 post found
A critical heap buffer overflow vulnerability was discovered in the LZMA decompression library (`LzmaDec.c`), where attacker-controlled compressed input could manipulate copy lengths passed directly to `memcpy` without bounds validation. This class of vulnerability can allow attackers to overwrite adjacent heap memory, potentially leading to arbitrary code execution or process crashes. A targeted bounds check was added to validate the output size before the copy operation, closing the attack pat