HIGH
PSeitz
CVE published 2026-03-20
CVE-2026-32829
CVE-2026-32829 is a vulnerability in lz4_flex, a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values during LZ4 'match copy operations,' allowing out-of-bounds reads from the [truncated]
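An added example, not lz4_flex's code: a minimal safe-Rust LZ4 block decoder showing the offset check a match copy needs, so that a match can only read bytes the current call has already written. The names `decompress_block`, `DecodeError` and `max_out` are hypothetical, and the sketch assumes a single block with no external dictionary.

```rust
// Added example: a minimal LZ4 block decoder, not lz4_flex's implementation.
#[derive(Debug, PartialEq)]
pub enum DecodeError { Truncated, TooLarge, BadOffset { offset: usize, produced: usize } }
// LZ4 length extension: keep adding bytes until one is below 255.
fn read_ext(src: &[u8], pos: &mut usize, mut len: usize) -> Result<usize, DecodeError> {
    loop {
        let b = *src.get(*pos).ok_or(DecodeError::Truncated)?;
        *pos += 1;
        len += b as usize;
        if b != 255 { return Ok(len); }
    }
}
// `max_out` (an assumed parameter) caps the output so a block cannot expand without bound.
pub fn decompress_block(src: &[u8], max_out: usize) -> Result<Vec<u8>, DecodeError> {
    let (mut out, mut pos) = (Vec::new(), 0usize);
    while pos < src.len() {
        let token = src[pos];
        pos += 1;
        // High nibble: literal length (15 means extension bytes follow).
        let mut lit = (token >> 4) as usize;
        if lit == 15 { lit = read_ext(src, &mut pos, lit)?; }
        let end = pos.checked_add(lit).ok_or(DecodeError::Truncated)?;
        let literals = src.get(pos..end).ok_or(DecodeError::Truncated)?;
        if out.len() + lit > max_out { return Err(DecodeError::TooLarge); }
        out.extend_from_slice(literals);
        pos = end;
        if pos == src.len() { break; } // final sequence is literals only
        // Two-byte little-endian offset, counted back from the end of `out`.
        let raw = src.get(pos..pos + 2).ok_or(DecodeError::Truncated)?;
        let offset = u16::from_le_bytes([raw[0], raw[1]]) as usize;
        pos += 2;
        // Offset validation: the match source must lie inside bytes already written.
        if offset == 0 || offset > out.len() {
            return Err(DecodeError::BadOffset { offset, produced: out.len() });
        }
        let mut mlen = (token & 0x0F) as usize;
        if mlen == 15 { mlen = read_ext(src, &mut pos, mlen)?; }
        mlen += 4; // LZ4 minimum match length
        if out.len() + mlen > max_out { return Err(DecodeError::TooLarge); }
        let start = out.len() - offset;
        // Byte-wise copy because a match may overlap the bytes it produces.
        for i in 0..mlen { let b = out[start + i]; out.push(b); }
    }
    Ok(out)
}

fn main() {
    // Constructed block: 4 literals, then a match offset of 5 when only 4 bytes exist.
    println!("{:?}", decompress_block(&[0x40, b'a', b'b', b'c', b'd', 0x05, 0x00], 64));
}
```

Because the output is a `Vec` that only ever grows by bytes the decoder itself produced, a rejected offset returns an error instead of exposing stale or uninitialized buffer contents.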