OSV-2021-786

Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libvips/OSV-2021-786.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2021-786
Published
2021-05-23T00:00:28.775952Z
Modified
2022-04-13T03:04:38.113052Z
Summary
Heap-buffer-overflow in jxl::PerformAlphaWeightedAdd
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34518

Crash type: Heap-buffer-overflow WRITE {*}
Crash state:
jxl::PerformAlphaWeightedAdd
jxl::PerformBlending
jxl::ImageBlender::RectBlender::DoBlending
References

Affected packages

OSS-Fuzz / libvips

Package

Name
libvips
Purl
pkg:generic/libvips

Affected ranges

Ecosystem specific

{
    "severity": "HIGH",
    "introduced_range": "d577b18e6968785e9a0d6d41e56f6c1a79965266:9f01132466b330de1a485c9f01f226b2b4c57c28"
}

Database specific

{
    "fixed_range": "fc8dbfdb441f618441eb7ccb3ea97e92ab445e60:de199fe59cde38290709c7eb0d25406daa1314d7"
}