OSV-2021-1437

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openexr/OSV-2021-1437.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2021-1437
Published
2021-10-11T00:01:37.363287Z
Modified
2022-04-13T03:38:15.105099Z
Summary
Heap-buffer-overflow in unpack_32bit
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39799

Crash type: Heap-buffer-overflow WRITE 4
Crash state:
unpack_32bit
exr_decoding_run
Imf_3_1::checkCoreFile
References

Affected packages

OSS-Fuzz / openexr

Package

Name
openexr
Purl
pkg:generic/openexr

Affected ranges

Type
GIT
Repo
https://github.com/AcademySoftwareFoundation/openexr
Events
Introduced
5ae1ec0fd948e9e1009093148126636b5bbce4d8
Fixed
b39b63a1d2989a90655cd9b02b0fe8af8cd8c017
Fixed
06575aaaf7eb0bff820585123449dd8967b47f46
Introduced
526d92aa76bc79556d73c4e01ac2c2100a601ed4
Fixed
8b65408c5db588eb4ec7e0563040b1ce356c6691

Ecosystem specific 

{
    "severity": "HIGH"
}

Database specific 

{
    "fixed_range": "9d05d50eddacf4c5afac725617e12dfb5407e3cb:06575aaaf7eb0bff820585123449dd8967b47f46"
}