OSV-2021-667

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/php/OSV-2021-667.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2021-667
Published
2021-04-21T00:01:18.024661Z
Modified
2022-04-13T03:04:33.337810Z
Summary
Heap-buffer-overflow in _estrdup
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33445

Crash type: Heap-buffer-overflow READ 12
Crash state:
_estrdup
exif_process_user_comment
exif_process_IFD_TAG_impl
References

Affected packages

OSS-Fuzz / php

Package

Name
php
Purl
pkg:generic/php

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src.git
Events
Introduced
2bebe104c127582e9b9ab5d165717ebee44e8afc
Fixed
8bb81226c167e0c90a1f87357e9abd32c05076c8
Fixed
c4a749c932f4ae54b2730420dbc45bf0365b8984

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific 

{
    "fixed_range": "2bebe104c127582e9b9ab5d165717ebee44e8afc:c4a749c932f4ae54b2730420dbc45bf0365b8984"
}