diff --git a/docs/trophies.md b/docs/trophies.md index 795535927..716ee3129 100644 --- a/docs/trophies.md +++ b/docs/trophies.md @@ -56,3 +56,4 @@ Feel free to [open an issue](https://github.com/CodeIntelligenceTesting/jazzer/i | [alibaba/fastjson2](https://github.com/alibaba/fastjson2/) | `StackOverflowError` in `SerialContext` | [not fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33768) | [CVE-2022-41856](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41856) | [Code Intelligence](https://code-intelligence.com) | | [Apache/commons-jxpath](https://github.com/apache/commons-jxpath/) | Remote code execution via crafted `XPath` expression | [not fixed](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47133) | | [Code Intelligence](https://code-intelligence.com) | | [airlift/aircompressor](https://github.com/airlift/aircompressor) | Out-of-bounds memory access through `sun.misc.Unsafe` | fixed | [CVE-2024-36114](https://www.cve.org/CVERecord?id=CVE-2024-36114) | [@Marcono1234](https://github.com/Marcono1234) | +| [lz4/lz4-java](https://github.com/lz4/lz4-java) | Out-of-bounds memory access through `sun.misc.Unsafe` & JNI | [fixed](https://github.com/yawkat/lz4-java/releases/tag/v1.8.1) | [CVE-2025-12183](https://www.cve.org/CVERecord?id=CVE-2025-12183) | [@yawkat](https://github.com/yawkat), [@Marcono1234](https://github.com/Marcono1234) |