OSV-2020-778

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/draco/OSV-2020-778.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2020-778

Published

2020-07-14T05:37:30.449855Z

Modified

2024-01-18T14:11:43.087585Z

Summary

Heap-use-after-free in void draco::Metadata::AddEntry<std::__1::vector<unsigned char, std::__1::allocat

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24044

Crash type: Heap-use-after-free READ 8
Crash state:
void draco::Metadata::AddEntry&lt;std::__1::vector&lt;unsigned char, std::__1::allocat
draco::MetadataDecoder::DecodeEntry
draco::MetadataDecoder::DecodeMetadata

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24044

Affected packages

OSS-Fuzz / draco

Package

Name: draco
Purl: pkg:generic/draco

Affected ranges

Type: GIT
Repo: https://github.com/google/draco
Events: Introduced

25484b31235d1a35fa72be6ce8d1f7f286b5c0bf

Affected versions

1.*

1.4.0

1.4.1

1.4.3

1.5.0

1.5.1

1.5.2

1.5.3

1.5.4

1.5.5

1.5.6

1.5.7

Ecosystem specific

{
    "severity": "HIGH",
    "introduced_range": "aef4bfbd61798ecc21d94c873b679fbdeaf92462:79601d2d060be52e673a82ed1c46f4666eb28255"
}