FreeBSD: VID-67c2eb06-5579-4595-801b-30355be24654 (CVE-2018-11498): lizard -- Negative size passed to memcpy resulting in memory corruption
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Jan 31, 2024 | Feb 1, 2024 | Jun 15, 2026 |
Description
In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function (lib/lizard_decompress_liz.h). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted input file, as well as achieve remote code execution.
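The bug class named in the title, as an added example in C that is not Lizard's code and does not come from this advisory: a length decoded from untrusted input into a signed int is validated against both buffers before it reaches memcpy. The toy block format, the function names and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { COPY_OK = 0, COPY_BAD_LENGTH = -1, COPY_INPUT_OVERRUN = -2, COPY_OUTPUT_OVERRUN = -3 };

/* Size memcpy() would receive if a signed length were passed unchecked:
 * the int converts to size_t, so -1 becomes SIZE_MAX. Nothing is copied here. */
static size_t unchecked_memcpy_size(int length) { return (size_t)length; }

/* Hypothetical hardened copy: validate the decoded length against both
 * buffers before it ever reaches memcpy(). */
static int copy_literals_checked(uint8_t **op, const uint8_t *oend,
                                 const uint8_t **ip, const uint8_t *iend, int length)
{
    if (length < 0) return COPY_BAD_LENGTH;                 /* reject before converting */
    if ((size_t)length > (size_t)(iend - *ip)) return COPY_INPUT_OVERRUN;
    if ((size_t)length > (size_t)(oend - *op)) return COPY_OUTPUT_OVERRUN;
    memcpy(*op, *ip, (size_t)length);
    *op += length;
    *ip += length;
    return COPY_OK;
}

/* Toy block format (constructed): 16-bit little-endian signed length, then literals. */
static int decode_block(const uint8_t *in, size_t in_len,
                        uint8_t *out, size_t out_cap, size_t *written)
{
    const uint8_t *ip = in;
    uint8_t *op = out;
    *written = 0;
    if (in_len < 2) return COPY_INPUT_OVERRUN;
    unsigned v = (unsigned)ip[0] | ((unsigned)ip[1] << 8);
    int length = v >= 0x8000u ? (int)v - 0x10000 : (int)v;  /* sign-extend 16 bits */
    ip += 2;
    int rc = copy_literals_checked(&op, out + out_cap, &ip, in + in_len, length);
    if (rc == COPY_OK) *written = (size_t)(op - out);
    return rc;
}

int main(void)
{
    const uint8_t ok[] = {3, 0, 'a', 'b', 'c'};     /* constructed: length 3 */
    const uint8_t neg[] = {0xFF, 0xFF, 'a'};        /* constructed: length -1 */
    uint8_t out[8];
    size_t n;
    printf("valid block     -> rc=%d\n", decode_block(ok, sizeof ok, out, sizeof out, &n));
    printf("negative length -> rc=%d (unchecked size would be %zu)\n",
           decode_block(neg, sizeof neg, out, sizeof out, &n), unchecked_memcpy_size(-1));
    return 0;
}
```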
Solution
freebsd-upgrade-package-lizard