OSV-2017-97

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/librawspeed/OSV-2017-97.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2017-97

Published

2021-01-13T21:57:40.779998Z

Modified

2022-04-13T03:04:36.488088Z

Summary

Use-after-poison in rawspeed::unroll_loop_t<void rawspeed::LJpegDecompressor::decodeN<4>

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4451

Crash type: Use-after-poison WRITE 2
Crash state:
rawspeed::unroll_loop_t&lt;void rawspeed::LJpegDecompressor::decodeN<4>
void rawspeed::LJpegDecompressor::decodeN<4>
rawspeed::AbstractLJpegDecompressor::decode

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4451

Affected packages

OSS-Fuzz / librawspeed

Package

Name: librawspeed
Purl: pkg:generic/librawspeed

Affected ranges

Type: GIT
Repo: https://github.com/darktable-org/rawspeed.git
Events: Introduced

45e6fd6c608326ae7df6419c62cc8db6a2f15281

Fixed

580add2219c696e425087bc61b952f4ccb295f09

Ecosystem specific

{
    "severity": "HIGH",
    "fixed_range": "297ccdd0e7dfd378aeb2a3896987baa5d96ed344:580add2219c696e425087bc61b952f4ccb295f09"
}