OSV-2021-1415

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openexr/OSV-2021-1415.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2021-1415
Published
2021-10-07T00:00:14.846615Z
Modified
2023-02-24T01:51:34.418760Z
Summary
Heap-buffer-overflow in Imf_3_1::memstream_read
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39616

Crash type: Heap-buffer-overflow READ 8
Crash state:
Imf_3_1::memstream_read
dispatch_read
exr_read_scanline_chunk_info
References

Affected packages

OSS-Fuzz / openexr

Package

Name
openexr
Purl
pkg:generic/openexr

Affected ranges

Type
GIT
Repo
https://github.com/AcademySoftwareFoundation/openexr
Events
Introduced
f68dc195ef2079793e2ea68f089adca902f0a4d8
Fixed
b39b63a1d2989a90655cd9b02b0fe8af8cd8c017
Fixed
06575aaaf7eb0bff820585123449dd8967b47f46
Introduced
666e2064d10445c501d48544d2d4566c304015c7
Fixed
8b65408c5db588eb4ec7e0563040b1ce356c6691

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific 

{
    "fixed_range": "9d05d50eddacf4c5afac725617e12dfb5407e3cb:06575aaaf7eb0bff820585123449dd8967b47f46"
}