OSV-2022-1180

Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libredwg/OSV-2022-1180.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2022-1180
Published
2022-11-18T13:02:18.978213Z
Modified
2022-11-18T13:02:18.978476Z
Summary
Heap-buffer-overflow in json_common_entity_data
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53468

Crash type: Heap-buffer-overflow READ 8
Crash state:
json_common_entity_data
json_objects_write
dwg_write_json
References

Affected packages

OSS-Fuzz / libredwg

Package

Name
libredwg
Purl
pkg:generic/libredwg

Affected ranges

Type
GIT
Repo
https://github.com/LibreDWG/libredwg
Events

Affected versions

0.*

0.12.4.4515
0.12.4.4517
0.12.4.4522
0.12.4.4527
0.12.4.4530
0.12.4.4533
0.12.4.4535
0.12.4.4542
0.12.4.4544
0.12.4.4545
0.12.4.4548
0.12.4.4550
0.12.4.4553
0.12.4.4566
0.12.4.4567
0.12.4.4572
0.12.4.4583
0.12.4.4590
0.12.4.4598
0.12.4.4601
0.12.4.4606
0.12.4.4607
0.12.4.4608
0.12.4.4613
0.12.4.4615
0.12.4.4635
0.12.4.4637
0.12.4.4641
0.12.4.4643
0.12.4.4647

Ecosystem specific

{
    "severity": "MEDIUM"
}