OSV-2021-1496

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libjxl/OSV-2021-1496.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2021-1496
Published
2021-10-28T00:00:18.879739Z
Modified
2022-04-13T03:04:41.801326Z
Summary
Heap-buffer-overflow in jxl::JxlBoxContentDecoder::Process
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40396

Crash type: Heap-buffer-overflow WRITE 1
Crash state:
jxl::JxlBoxContentDecoder::Process
JxlDecoderProcessInput
djxl_fuzzer.cc
References

Affected packages

OSS-Fuzz / libjxl

Package

Name
libjxl
Purl
pkg:generic/libjxl

Affected ranges

Type
GIT
Repo
https://github.com/libjxl/libjxl.git
Events
Introduced
f0b9147ee57805c4ab45abdf8d72e2da9c5a951c
Fixed
839ef3e392240fc3994b8b73e5164ac5cad4d30a
Fixed
aa62a07ffd86d19c55e15f3c5c10ba377e069289

Ecosystem specific 

{
    "severity": "HIGH"
}

Database specific 

{
    "fixed_range": "35ad5de736b3f1ea9784113e2e30ea424c251616:aa62a07ffd86d19c55e15f3c5c10ba377e069289"
}