aircompressor Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer
Incorrect handling of malformed data in Java-based decompressor implementations for Snappy and LZ4 allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is reused without being cleared, this may lead to disclosure of sensitive data.