OSV-2021-1049

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libjxl/OSV-2021-1049.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2021-1049
Published
2021-07-25T00:00:06.796305Z
Modified
2022-04-13T03:04:41.828010Z
Summary
Container-overflow in jxl::InvSqueeze
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36485

Crash type: Container-overflow READ 8
Crash state:
jxl::InvSqueeze
jxl::Transform::Inverse
jxl::Image::undo_transforms
References

Affected packages

OSS-Fuzz / libjxl

Package

Name
libjxl
Purl
pkg:generic/libjxl

Affected ranges

Type
GIT
Repo
https://github.com/libjxl/libjxl.git
Events
Introduced
84c6421732054399e9b8046f1cdf2e999dbaaab2
Fixed
f134b5a31da90e743af41fb6cc227af06b91bcc2
Introduced
d8b577c75ba31f93399ea4b13cd019422d529106
Fixed
ad4cac4bf89949007922f1147648c91fcee83b7b
Fixed
42740f77f787850a25e356c4be4e1fb4204f3bb1

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific 

{
    "fixed_range": "b97a929d49b7bc2ee2c710e1874bd0b5fd4d6862:42740f77f787850a25e356c4be4e1fb4204f3bb1"
}