OSV-2021-144

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/librawspeed/OSV-2021-144.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2021-144

Published

2021-01-13T21:56:24.820945Z

Modified

2022-04-13T03:04:36.476158Z

Summary

Use-of-uninitialized-value in rawspeed::RawImageData::checkMemIsInitialized

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7171

Crash type: Use-of-uninitialized-value
Crash state:
rawspeed::RawImageData::checkMemIsInitialized
Cr2Decompressor.cpp
rawspeed::alignedMalloc

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7171

Affected packages

OSS-Fuzz / librawspeed

Package

Name: librawspeed
Purl: pkg:generic/librawspeed

Affected ranges

Type: GIT
Repo: https://github.com/darktable-org/rawspeed.git
Events: Introduced

ad4f8565aa1ed3d2a9afb4ac56e17eeb06f70b8d

Fixed

d4852ee6da667d164373600d1bc8d205e2cdef6c

Ecosystem specific

{
    "severity": "MEDIUM",
    "introduced_range": "ff9d781241a0e3427a9579e1f3a2e16a33a3fca2:6edfe4b194df03ec49d9b3717f8a034f5b0842a3",
    "fixed_range": "ad4e71b7c254d3a86d295c9494d4d2bb87d53e83:d4852ee6da667d164373600d1bc8d205e2cdef6c"
}