OSV-2020-1833

Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libavif/OSV-2020-1833.yaml
Published
2020-09-25T00:00:04.438974Z
Modified
2022-04-13T03:04:41.876574Z
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25903

Crash type: Heap-buffer-overflow READ 4
Crash state:
avifROStreamRead
avifROStreamReadU32
avifROStreamReadBoxHeader
References

Affected packages

OSS-Fuzz / libavif

Package

Name
libavif

Affected ranges

Type
GIT
Repo
https://github.com/AOMediaCodec/libavif.git
Events
Introduced
16104711fe1a92cadb454e6330cc343c7cdfd00e
Fixed
b86bc3c8296f7d37cacf674ee031851cd513b8e4
Fixed
76556c4c24cb935039e1ba87006d80fb513a8d7b

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific 

{
    "fixed_range": "3c7cfd95cac1680c5722805ef30f71a247473567:76556c4c24cb935039e1ba87006d80fb513a8d7b"
}