OSV-2021-600

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libvips/OSV-2021-600.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2021-600
Published
2021-04-04T00:00:13.289894Z
Modified
2022-04-13T03:04:38.118602Z
Summary
Heap-buffer-overflow in gif_internal_decode_frame
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32855

Crash type: Heap-buffer-overflow WRITE {*}
Crash state:
gif_internal_decode_frame
gif_decode_frame
vips_foreign_load_nsgif_generate
References

Affected packages

OSS-Fuzz / libvips

Package

Name
libvips
Purl
pkg:generic/libvips

Affected ranges

Type
GIT
Repo
https://github.com/libvips/libvips
Events
Introduced
9e10f4bf0fccfdfc0e3a7a2acbb40abdb1611d9f
Fixed
f726edb7f71f05f2af6f08a7442354c1b70e9383
Introduced
9bdf5e8cda3e0c63584984282b1e36d97c50bb1a
Fixed
234c4684894adca556071d6aebcfeb47db9e967a

Ecosystem specific 

{
    "severity": "HIGH"
}