NULL pointer dereference in lz4-java - #VU137031
Published: July 7, 2026
lz4-java
Detailed vulnerability description
The vulnerability allows a remote user to cause a denial of service.
The vulnerability exists due to null pointer dereference in JNI-based XXHash implementations when processing a null byte array reference with a zero-length range. A remote user can pass a null array reference to native XXHash methods to cause a denial of service.
This affects the native XXHash hash and streaming update APIs, while Java-based XXHash implementations are not affected.