OSV-2020-1833

Import Source

JSON Data

https://api.osv.dev/v1/vulns/OSV-2020-1833

Published

2020-09-25T00:00:04.438974Z

Modified

2022-04-13T03:04:41.876574Z

Summary

Heap-buffer-overflow in avifROStreamRead

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25903

Crash type: Heap-buffer-overflow READ 4
Crash state:
avifROStreamRead
avifROStreamReadU32
avifROStreamReadBoxHeader

References

Affected packages

Type: GIT
Repo: https://github.com/AOMediaCodec/libavif.git
Events: Introduced

16104711fe1a92cadb454e6330cc343c7cdfd00e

Fixed

b86bc3c8296f7d37cacf674ee031851cd513b8e4

Fixed

76556c4c24cb935039e1ba87006d80fb513a8d7b

{
    "severity": "MEDIUM"
}

{
    "fixed_range": "3c7cfd95cac1680c5722805ef30f71a247473567:76556c4c24cb935039e1ba87006d80fb513a8d7b"
}