OSV-2021-1615

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libvips/OSV-2021-1615.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2021-1615

Published

2021-11-24T00:00:37.422188Z

Modified

2022-04-13T03:04:38.071614Z

Summary

Heap-buffer-overflow in jxl::ModularFrameDecoder::DecodeGroup

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41283

Crash type: Heap-buffer-overflow READ {*}
Crash state:
jxl::ModularFrameDecoder::DecodeGroup
jxl::FrameDecoder::ProcessACGroup
jxl::ThreadPool::RunCallState&lt;jxl::FrameDecoder::ProcessSections

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41283

Affected packages

OSS-Fuzz / libvips

Package

Name: libvips
Purl: pkg:generic/libvips

Affected ranges

Type: GIT
Repo: https://github.com/libvips/libvips
Events: Introduced

cb58d7d9600282802d2d04a04254f6d9dfefe203

Fixed

5b089951ac8e92670df03ddfaca5d5f2b7cbbebd

Affected versions

v8.*

v8.12.0

v8.12.1

v8.12.2

Ecosystem specific

{
    "severity": "MEDIUM"
}

Database specific

{
    "introduced_range": "4fd2de57540082b80c4c67a4cd1efc7bd7d86b42:f352bcd1911d8076a5d5a218d2d15f5d583d4e5b",
    "fixed_range": "de199fe59cde38290709c7eb0d25406daa1314d7:5b089951ac8e92670df03ddfaca5d5f2b7cbbebd"
}