OSV-2020-2308

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libheif/OSV-2020-2308.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2020-2308

Published

2021-02-10T00:00:17.357392Z

Modified

2024-11-20T14:28:41.970980Z

Summary

Heap-buffer-overflow in derive_collocated_motion_vectors

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30568

Crash type: Heap-buffer-overflow READ 1
Crash state:
derive_collocated_motion_vectors
derive_temporal_luma_vector_prediction
fill_luma_motion_vector_predictors

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30568

Affected packages

OSS-Fuzz / libheif

Package

Name: libheif
Purl: pkg:generic/libheif

Affected ranges

Type: GIT
Repo: https://github.com/strukturag/libheif.git
Events: Introduced

2490273566a1690d7ca28f7bd30fd3ac0977796f

Affected versions

v1.*

v1.10.0

v1.11.0

v1.12.0

v1.13.0

v1.14.0

v1.14.1

v1.14.2

v1.15.0

v1.15.1

v1.15.2

v1.16.0

v1.16.1

v1.16.2

v1.17.0

v1.17.1

v1.17.2

v1.17.3

v1.17.4

v1.17.5

v1.17.6

v1.18.0

v1.18.0-rc1

v1.18.1

v1.18.2

v1.19.0

v1.19.1

v1.19.2

v1.19.3

v1.19.4

v1.19.5

v1.8.0

v1.9.0

v1.9.1

Ecosystem specific

{
    "severity": "MEDIUM"
}