OSV-2021-1597

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libvips/OSV-2021-1597.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2021-1597

Published

2021-11-21T00:00:11.620406Z

Modified

2022-04-13T03:28:21.999954Z

Summary

UNKNOWN READ in void jxl::CopyImageTo<int>

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41217

Crash type: UNKNOWN READ
Crash state:
void jxl::CopyImageTo<int>
jxl::ModularFrameDecoder::DecodeGroup
jxl::FrameDecoder::ProcessACGroup

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41217

Affected packages

OSS-Fuzz / libvips

Package

Name: libvips
Purl: pkg:generic/libvips

Affected ranges

Type: GIT
Repo: https://github.com/libvips/libvips
Events: Introduced

cb58d7d9600282802d2d04a04254f6d9dfefe203

Fixed

5b089951ac8e92670df03ddfaca5d5f2b7cbbebd

Affected versions

v8.*

v8.12.0

v8.12.1

v8.12.2

Ecosystem specific

{
    "severity": "MEDIUM"
}

Database specific

{
    "introduced_range": "4fd2de57540082b80c4c67a4cd1efc7bd7d86b42:f352bcd1911d8076a5d5a218d2d15f5d583d4e5b",
    "fixed_range": "de199fe59cde38290709c7eb0d25406daa1314d7:5b089951ac8e92670df03ddfaca5d5f2b7cbbebd"
}