OSV-2021-654

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libjpeg-turbo/OSV-2021-654.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2021-654

Published

2021-04-18T00:01:02.873828Z

Modified

2022-04-13T03:04:37.704903Z

Summary

Heap-buffer-overflow in decode_mcu_fast

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33340

Crash type: Heap-buffer-overflow READ 1
Crash state:
decode_mcu_fast
decode_mcu
consume_data

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33340

Affected packages

OSS-Fuzz / libjpeg-turbo

Package

Name: libjpeg-turbo
Purl: pkg:generic/libjpeg-turbo

Affected ranges

Type: GIT
Repo: https://github.com/libjpeg-turbo/libjpeg-turbo
Events: Introduced

171b875b272f47f1ae42a5009c64f424db22a95b

Fixed

4de8f6922a9be7d0a51a429e367283fd40031b26

Ecosystem specific

{
    "severity": "HIGH",
    "introduced_range": "3ab3234875bd58320b1646c086f95511ab67c972:d147be83e9a9f904918ba7f834b0fb28e09de9b5",
    "fixed_range": "d147be83e9a9f904918ba7f834b0fb28e09de9b5:4de8f6922a9be7d0a51a429e367283fd40031b26"
}