OSV-2022-32

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/php/OSV-2022-32.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2022-32
Published
2022-01-11T00:01:35.764166Z
Modified
2022-04-13T03:04:33.372135Z
Summary
Heap-buffer-overflow in _estrdup
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43484

Crash type: Heap-buffer-overflow READ 11
Crash state:
_estrdup
exif_process_user_comment
exif_process_IFD_TAG_impl
References

Affected packages

OSS-Fuzz / php

Package

Name
php
Purl
pkg:generic/php

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src.git
Events
Introduced
9e80947e343b253e078abfc9d1d4f800342c26f8
Fixed
4170d41a66d913b672e7f76d528aea2fe15d21de
Fixed
bb5047af6ca8b1456b8d30be8415595ae64e275c

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific

source 
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/php/OSV-2022-32.yaml"
introduced_range 
"51eec5086f0862d4dfab526b2f7d852d1d87502d:d528d29ed4e5833f9b3e696bcb030c6d81c1c523"
fixed_range 
"d528d29ed4e5833f9b3e696bcb030c6d81c1c523:bb5047af6ca8b1456b8d30be8415595ae64e275c"