Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » LZO algorithm patched after 20 years

LZO algorithm patched after 20 years


Softpedia - (International) The CEO of Lab Mouse Security revealed that an integer overflow bug in the Lempel-Ziv-Oberhumer (LZO) compression and decompression algorithm has been present for as long as 20 years, leaving software using the algorithm vulnerable to remote code execution and denial of service attacks. The algorithm has been integrated into a variety of software, including the Linux kernel, some Android phones, medical equipment, and others, though the variety of applications means that attackers would need to build custom malicious payloads in order to exploit the issue.


Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at:

Last Updated: 27 May 2016 10:20:43