OSV-2020-638

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/harfbuzz/OSV-2020-638.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2020-638

Published

2020-07-01T00:00:21.866519Z

Modified

2022-04-13T03:04:33.125806Z

Summary

Heap-buffer-overflow in OT::UnsizedArrayOf<OT::IntType<unsigned char, 1u> >::copy

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14637

Crash type: Heap-buffer-overflow READ 1
Crash state:
OT::UnsizedArrayOf&lt;OT::IntType&lt;unsigned char, 1u> >::copy
bool OT::OffsetTo&lt;OT::UnsizedArrayOf&lt;OT::IntType&lt;unsigned char, 1u> >, OT::IntTy
OT::NameRecord::copy

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=14637

Affected packages

OSS-Fuzz / harfbuzz

Package

Name: harfbuzz
Purl: pkg:generic/harfbuzz

Affected ranges

Type: GIT
Repo: https://github.com/harfbuzz/harfbuzz.git
Events: Introduced

59ee61fddc76cd18f19f351bca7dd293eb610333

Fixed

503748d8a80dd5db450c8c4dc109f2b97049d989

Ecosystem specific

{
    "severity": "MEDIUM"
}