OSV-2021-1429

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openexr/OSV-2021-1429.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2021-1429
Published
2021-10-10T00:00:16.052480Z
Modified
2022-04-13T03:30:44.800436Z
Summary
Heap-buffer-overflow in unpack_16bit
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39737

Crash type: Heap-buffer-overflow WRITE 2
Crash state:
unpack_16bit
exr_decoding_run
Imf_3_1::checkCoreFile
References

Affected packages

OSS-Fuzz / openexr

Package

Name
openexr
Purl
pkg:generic/openexr

Affected ranges

Type
GIT
Repo
https://github.com/AcademySoftwareFoundation/openexr
Events
Introduced
5ae1ec0fd948e9e1009093148126636b5bbce4d8
Fixed
b39b63a1d2989a90655cd9b02b0fe8af8cd8c017
Fixed
06575aaaf7eb0bff820585123449dd8967b47f46
Introduced
526d92aa76bc79556d73c4e01ac2c2100a601ed4
Fixed
8b65408c5db588eb4ec7e0563040b1ce356c6691

Ecosystem specific 

{
    "severity": "HIGH"
}

Database specific 

{
    "fixed_range": "9d05d50eddacf4c5afac725617e12dfb5407e3cb:06575aaaf7eb0bff820585123449dd8967b47f46"
}