OSV-2020-674

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libhevc/OSV-2020-674.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2020-674

Published

2020-07-01T00:00:23.966789Z

Modified

2023-02-24T01:29:47.316559Z

Summary

Heap-buffer-overflow in ihevcd_mv_merge

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17196

Crash type: Heap-buffer-overflow READ 4
Crash state:
ihevcd_mv_merge
ihevcd_get_mv_ctb
ihevcd_parse_slice_data

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17196

Affected packages

OSS-Fuzz / libhevc

Package

Name: libhevc
Purl: pkg:generic/libhevc

Affected ranges

Type: GIT
Repo: https://android.googlesource.com/platform/external/libhevc
Events: Introduced

67e394c9f3743b8ce41f11736136319efcef6d3d

Fixed

4d36db275bb4d0abc410415f6d8f5af4bc179102

Affected versions

android-10.*

android-10.0.0_r12

android-10.0.0_r13

android-10.0.0_r14

android-10.0.0_r30

android-10.0.0_r31

android-10.0.0_r32

android-10.0.0_r33

android-10.0.0_r34

android-10.0.0_r35

android-10.0.0_r36

android-10.0.0_r7

android-10.0.0_r8

android-10.0.0_r9

android-mainline-10.*

android-mainline-10.0.0_r10

android-mainline-10.0.0_r11

android-mainline-10.0.0_r12

android-mainline-10.0.0_r13

android-mainline-10.0.0_r5

android-mainline-10.0.0_r6

android-mainline-10.0.0_r7

android-mainline-10.0.0_r8

android-mainline-10.0.0_r9

android-mainline-12.*

android-mainline-12.0.0_r111

android-mainline-12.0.0_r54

platform-tools-29.*

platform-tools-29.0.5

Other

q_tzdata_aml_294400310

q_tzdata_aml_295500001

q_tzdata_aml_295500002

q_tzdata_aml_295600110

Ecosystem specific

{
    "severity": "MEDIUM"
}