zstd

About this tag
Zstd, short for Zstandard, is a fast compression algorithm developed by Facebook. On WindowsForum.com, discussions about zstd focus on security vulnerabilities and patches, particularly CVE-2022-4899. This bug involves a buffer overrun in the zstd command-line interface when an empty string is passed to certain options, potentially causing crashes or process disruptions. The fix, implemented in upstream releases and distribution packages, rejects empty-directory arguments to prevent out-of-bounds buffer access. Users and administrators should ensure their zstd installations are updated to mitigate this issue.
  1. CVE-2022-4899: Zstd CLI Empty String Bug and Patch

    A subtle mistake in zstd’s argument-handling code allows a trivial input — an empty string passed to certain command-line options — to produce a buffer overrun that can crash or disable processes that use the zstd CLI. The bug, tracked as CVE-2022-4899, affects the zstd command-line utility...