A recent post on a security blog has claimed that LZ4 is affected by a subtle bug which could result in remote code execution on basically any machine using the LZ4 algorithm. Given that LZ4 is installed on basically every modern Linux distro, including critically Android, a majority share of the gigantic smartphone market; given that it is also part of modern file systems such as ZFS, shipped with FreeBSD and Illumos, used within widely deployed databases such as MySQL, and big data nodes powered by Hadoop, it must be a pretty big deal.
More here: http://fastcompression.blogspot.fr/2014/06/debunking-lz4-20-years-old-bug-myth.html
And here is the response from Don A. Bailey of Security Mouse to the above blog poster, who is allegedly Yann Collet, the author of LZ4 and maintainer of the LZ4 reference implementation: http://www.openwall.com/lists/oss-security/2014/06/27/2