OSV-2017-116

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/librawspeed/OSV-2017-116.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2017-116

Published

2021-01-13T21:57:50.232817Z

Modified

2022-04-13T03:04:36.464826Z

Summary

Use-after-poison in rawspeed::OrfDecoder::decodeCompressed

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3012

Crash type: Use-after-poison WRITE 2
Crash state:
rawspeed::OrfDecoder::decodeCompressed
rawspeed::OrfDecoder::decodeRawInternal
rawspeed::RawDecoder::decodeRaw

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3012

Affected packages

OSS-Fuzz / librawspeed

Package

Name: librawspeed
Purl: pkg:generic/librawspeed

Affected ranges

Type: GIT
Repo: https://github.com/darktable-org/rawspeed.git
Events: Introduced

23d5018f6b231d62daa6543094a85747beb9654a

Fixed

16b0853077eec08bccb74aec29bb395c6eb5e50c

Ecosystem specific

{
    "severity": "HIGH",
    "introduced_range": "f0e9f60474d98883ab9343f584b73ca046263679:52da2b8fda29aa257088d91fb11877f909d578a2",
    "fixed_range": "1cd7fc3e0b353a45f63a0a2d98c8c793fbf6104c:16b0853077eec08bccb74aec29bb395c6eb5e50c"
}