OSV-2021-1055

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libvips/OSV-2021-1055.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2021-1055

Published

2021-07-25T00:00:32.621715Z

Modified

2023-02-24T02:01:14.670136Z

Summary

UNKNOWN WRITE in jxl::ModularFrameDecoder::DecodeGroup

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36456

Crash type: UNKNOWN WRITE
Crash state:
jxl::ModularFrameDecoder::DecodeGroup
jxl::FrameDecoder::ProcessACGroup
jxl::ThreadPool::RunCallState&lt;jxl::FrameDecoder::ProcessSections

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36456

Affected packages

OSS-Fuzz / libvips

Package

Name: libvips
Purl: pkg:generic/libvips

Affected ranges

Type: GIT
Repo: https://github.com/libvips/libvips
Events: Introduced

813a5f84cf94c9e7c0fe9b043c545500aef11411

Fixed

86466a9b9ab37c0f469d84797d477260aa669cfa

Fixed

728f2e29053d03ad5d82b4bbfbc1ca91f24e7cf6

Affected versions

v8.*

v8.11

v8.11.0

v8.11.0-rc1

v8.11.1

v8.11.2

v8.11.3

v8.11.4

Ecosystem specific

{
    "severity": "HIGH"
}

Database specific

{
    "fixed_range": "86466a9b9ab37c0f469d84797d477260aa669cfa:728f2e29053d03ad5d82b4bbfbc1ca91f24e7cf6"
}