OSV-2020-1161

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libmpeg2/OSV-2020-1161.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2020-1161

Published

2020-07-22T21:49:52.257088Z

Modified

2022-04-13T03:04:33.814502Z

Summary

Heap-buffer-overflow in impeg2_fmt_conv_yuv420p_to_yuv420sp_uv

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16604

Crash type: Heap-buffer-overflow WRITE 1
Crash state:
impeg2_fmt_conv_yuv420p_to_yuv420sp_uv
impeg2d_format_convert
impeg2d_dec_pic_data_thread

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16604

Affected packages

OSS-Fuzz / libmpeg2

Package

Name: libmpeg2
Purl: pkg:generic/libmpeg2

Affected ranges

Type: GIT
Repo: https://android.googlesource.com/platform/external/libmpeg2
Events: Introduced

313d5efa2d866f01aaf25b015f31480ce095e7f5

Fixed

6f28264c1170fae4f6c847625f4a6d4467a3262b

Fixed

5c8de517396c1a3b5e12e6a345a8df78660cc2fc

Affected versions

android-10.*

android-10.0.0_r12

android-10.0.0_r13

android-10.0.0_r14

android-10.0.0_r30

android-10.0.0_r31

android-10.0.0_r32

android-10.0.0_r33

android-10.0.0_r34

android-10.0.0_r35

android-10.0.0_r36

android-10.0.0_r42

android-10.0.0_r43

android-10.0.0_r44

android-10.0.0_r45

android-10.0.0_r7

android-10.0.0_r8

android-10.0.0_r9

android-mainline-10.*

android-mainline-10.0.0_r10

android-mainline-10.0.0_r4

android-mainline-10.0.0_r5

android-mainline-10.0.0_r6

android-mainline-10.0.0_r7

android-mainline-10.0.0_r8

android-mainline-10.0.0_r9

Other

android-r-preview-1

android-r-preview-2

android-r-preview-3

android-r-preview-4

platform-tools-29.*

platform-tools-29.0.5

platform-tools-29.0.6

platform-tools-30.*

platform-tools-30.0.0

platform-tools-30.0.1

platform-tools-30.0.2

platform-tools-30.0.3

Ecosystem specific

{
    "severity": "HIGH",
    "introduced_range": "unknown:313d5efa2d866f01aaf25b015f31480ce095e7f5"
}