OSV-2021-456

Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/grok/OSV-2021-456.yaml
Published
2021-02-28T00:01:15.686942Z
Modified
2022-06-21T00:04:16.450502Z
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31460

Crash type: Heap-buffer-overflow READ 1
Crash state:
grk::Quantizer::read_SQcd_SQcc
grk::CodeStreamDecompress::read_qcd
grk::CodeStreamDecompress::process_marker
References

Affected packages

OSS-Fuzz / grok

grok

Affected ranges

Affected versions

v8.*

v8.0.1
v8.0.2
v8.0.3

v9.*

v9.0.0
v9.1.0
v9.2.0
v9.3.0
v9.4.0
v9.5.0
v9.5.0.debian
v9.6.0
v9.7.0
v9.7.1
v9.7.2
v9.7.3
v9.7.4
v9.7.5
v9.7.5.debian
v9.7.6
v9.7.7
v9.7.8

Ecosystem specific

{
    "severity": "MEDIUM"
}