LZ4 is a widely-used lossless compression algorithm.
LZ4 is subject to a heap-based buffer overflow in releases prior to 1.9.2 as described in CVE-2019-17543.
fix
Full Report
The projects listed below potentially contain the vulnerability and have been touched in 2020.

blob = 08495055e5ed8bd95a04db95d31d0970bd292cdc

commit = b6a35254d284deb031d90a952dd498b88eed4521
head_commit = 001eaa84f8ef3317b2715a9a89b33066d8a8a1ad (2020-05-12:04:20:04)
path = 3rdparty/manticore/manticoresearch/src/lz4/lz4.c
project = github.com/lucmichalski/sboost

blob = c8f49cc1b20af1cf06986530fb1f88c53c8de463
commit = 01e06c7ff1162f98bf876eb4c0b9b3bd3a9319ea
head_commit = 7110e94cb583e5fbfefb70ede40d305674261c5a (2020-08-05:23:59:01)
path = ext/lz4/lz4.c
project = github.com/LiamTyler/OpenGL_Starter
project = github.com/LiamTyler/Progression

blob = c51145615a38f9e27dd8bf2f22df54b9b3870d1b
commit = 6cd00e1861b91b2352395921db9bb245681987b8
head_commit = 5b6ccb0bc17992c78d71a24d695225fd55416974 (2020-03-10:17:45:10)
path = third-party/lz4/src/lz4.c
project = bitbucket.org/andreyu/simple-viewer-gl
commit = 6ce370fa9fcf8388307f11e809b15e5a01bd4928
head_commit = 7110e94cb583e5fbfefb70ede40d305674261c5a (2020-08-05:23:59:01)
path = ext/lz42/lz4.c
project = github.com/LiamTyler/OpenGL_Starter
project = github.com/LiamTyler/Progression

blob = 08495055e5ed8bd95a04db95d31d0970bd292cdc

blob = c8f49cc1b20af1cf06986530fb1f88c53c8de463

blob = c51145615a38f9e27dd8bf2f22df54b9b3870d1b