OSV-2022-223

Import Source

JSON Data

https://api.osv.dev/v1/vulns/OSV-2022-223

Published

2022-03-08T00:00:07.482401Z

Modified

2022-04-13T03:04:39.309960Z

Summary

Container-overflow in Exiv2::Photoshop::locateIrb

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45302

Crash type: Container-overflow READ 4
Crash state:
Exiv2::Photoshop::locateIrb
Exiv2::Photoshop::setIptcIrb
Exiv2::JpegBase::doWriteMetadata

References

Affected packages

Type: GIT
Repo: https://github.com/Exiv2/exiv2
Events: Introduced

b9f9d041eabc0cd9620ca4373190f167085a9b44

Fixed

e715243aa51fa38a89d35ea377d267600217e192

nightly

testIPO

testIPO_2

testIPO_3

testIPO_exiv2-xmp-OBJECT

{
    "severity": "MEDIUM"
}