OSV-2022-129

Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libredwg/OSV-2022-129.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2022-129
Published
2022-02-09T00:00:11.798343Z
Modified
2022-02-09T00:00:11.798577Z
Summary
Heap-buffer-overflow in dwg_free_HATCH_private
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44481

Crash type: Heap-buffer-overflow READ 8
Crash state:
dwg_free_HATCH_private
dwg_free_HATCH
dwg_free_object
References

Affected packages

OSS-Fuzz / libredwg

Package

Name
libredwg
Purl
pkg:generic/libredwg

Affected ranges

Type
GIT
Repo
https://github.com/LibreDWG/libredwg
Events

Affected versions

0.*

0.12.3.4163
0.12.3.4165
0.12.3.4167
0.12.3.4173
0.12.3.4176
0.12.3.4178
0.12.3.4180
0.12.3.4185
0.12.3.4189
0.12.3.4191
0.12.3.4194
0.12.3.4201
0.12.3.4203
0.12.3.4206
0.12.3.4219
0.12.3.4221
0.12.3.4229
0.12.3.4231
0.12.3.4244
0.12.3.4248
0.12.3.4250
0.12.3.4253
0.12.3.4261
0.12.3.4264
0.12.3.4267
0.12.3.4270
0.12.3.4273
0.12.3.4280
0.12.4
0.12.4.4287
0.12.4.4288
0.12.4.4296
0.12.4.4298
0.12.4.4300
0.12.4.4302
0.12.4.4307
0.12.4.4313
0.12.4.4317
0.12.4.4321
0.12.4.4324
0.12.4.4331
0.12.4.4338
0.12.4.4343
0.12.4.4348
0.12.4.4362
0.12.4.4364
0.12.4.4367
0.12.4.4368
0.12.4.4375
0.12.4.4378
0.12.4.4382
0.12.4.4384
0.12.4.4387
0.12.4.4390
0.12.4.4395
0.12.4.4399
0.12.4.4400
0.12.4.4409
0.12.4.4415
0.12.4.4420
0.12.4.4423
0.12.4.4425
0.12.4.4430
0.12.4.4437
0.12.4.4442
0.12.4.4444
0.12.4.4462
0.12.4.4466
0.12.4.4467
0.12.5

Ecosystem specific

{
    "severity": "MEDIUM"
}