OSV-2022-128

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libredwg/OSV-2022-128.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2022-128
Published
2022-02-07T00:00:43.453413Z
Modified
2022-07-30T00:11:15.450699Z
Summary
Stack-buffer-overflow in decompress_rNUMBER
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44432

Crash type: Stack-buffer-overflow WRITE 1 Crash state: decompressrNUMBER readrNUMBERmetadata dwg_decode

References

Affected packages

OSS-Fuzz / libredwg

Package

Name
libredwg
Purl
pkg:generic/libredwg

Affected ranges

Type
GIT
Repo
https://github.com/LibreDWG/libredwg
Events
Introduced
161045124139f7288f335fc1f51b1d403054ad61
Fixed
fe03c5a89cbd441b6840335bd484cf08bc65c7c4

Affected versions

0.*
0.12.4.4390
0.12.4.4395
0.12.4.4399
0.12.4.4400
0.12.4.4409
0.12.4.4415
0.12.4.4420
0.12.4.4423
0.12.4.4425
0.12.4.4430
0.12.4.4437
0.12.4.4442
0.12.4.4444
0.12.4.4462
0.12.4.4466
0.12.4.4467
0.12.4.4475
0.12.4.4487
0.12.4.4491
0.12.4.4492
0.12.4.4494
0.12.4.4497
0.12.4.4507
0.12.4.4515
0.12.4.4517
0.12.4.4522
0.12.4.4527
0.12.4.4530
0.12.4.4533
0.12.4.4535
0.12.4.4542
0.12.4.4544
0.12.4.4545
0.12.4.4548
0.12.4.4550
0.12.4.4553
0.12.4.4566
0.12.4.4567
0.12.4.4572
0.12.4.4583
0.12.4.4590
0.12.4.4598
0.12.4.4601
0.12.4.4606
0.12.4.4607
0.12.4.4608
0.12.4.4613
0.12.4.4615
0.12.5

Ecosystem specific 

{
    "severity": "HIGH"
}

Database specific

source 
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libredwg/OSV-2022-128.yaml"