OSV-2022-305

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libvips/OSV-2022-305.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2022-305

Published

2022-04-05T00:00:26.264820Z

Modified

2022-04-05T00:00:26.265051Z

Summary

Heap-buffer-overflow in jxl::N_AVX2::BlendingStage::ProcessPaddingRow

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46304

Crash type: Heap-buffer-overflow READ {*}
Crash state:
jxl::N_AVX2::BlendingStage::ProcessPaddingRow
jxl::LowMemoryRenderPipeline::RenderPadding
jxl::LowMemoryRenderPipeline::ProcessBuffers

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46304

Affected packages

OSS-Fuzz / libvips

Package

Name: libvips
Purl: pkg:generic/libvips

Affected ranges

Type: GIT
Repo: https://github.com/libvips/libvips.git
Events: Introduced

dc07b0005960687b7ec541b0a3714210e1e16f6a

Fixed

43db3985d0c0f0321434f2bd1cda36c7dd4fa1e5

Ecosystem specific

{
    "severity": "MEDIUM"
}