[CVE-2025-12183] HIGH: lz4-java 1.8.0 - Out-of-bounds memory and information disclosure

## Vulnerability Report

| Field | Value |
|-------|-------|
| **CVEs** | `CVE-2025-12183`, `CVE-2025-66566` |
| **Severity** | **HIGH** (2 CVEs) |
| **Library** | `org.lz4:lz4-java` |
| **Source** | `workers.jar` |
| **Installed Version** | 1.8.0 |
| **Fixed Version** | 1.8.1 (CVE-2025-12183); unknown (CVE-2025-66566) |

### Summary

Two vulnerabilities in lz4-java:

1. **CVE-2025-12183** - Out-of-bounds memory operations lead to denial of service and information disclosure
2. **CVE-2025-66566** - Information Disclosure via Insufficient Output Buffer Clearing

### References

- [CVE-2025-12183](https://avd.aquasec.com/nvd/cve-2025-12183)
- [CVE-2025-66566](https://avd.aquasec.com/nvd/cve-2025-66566)

---
*Filed from container vulnerability scan of `workers.jar`*

Field	Value
CVEs	`CVE-2025-12183`, `CVE-2025-66566`
Severity	HIGH (2 CVEs)
Library	`org.lz4:lz4-java`
Source	`workers.jar`
Installed Version	1.8.0
Fixed Version	1.8.1 (CVE-2025-12183); unknown (CVE-2025-66566)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[CVE-2025-12183] HIGH: lz4-java 1.8.0 - Out-of-bounds memory and information disclosure #83

Vulnerability Report

Summary

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[CVE-2025-12183] HIGH: lz4-java 1.8.0 - Out-of-bounds memory and information disclosure #83

Description

Vulnerability Report

Summary

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions