OSV-2022-377

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libredwg/OSV-2022-377.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2022-377
Published
2022-04-26T00:01:48.422620Z
Modified
2022-07-30T00:11:24.476167Z
Summary
Heap-buffer-overflow in decode_preR13_section_hdr
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46983

Crash type: Heap-buffer-overflow WRITE 4
Crash state:
decode_preR13_section_hdr
decode_preR13
dwg_decode
References

Affected packages

OSS-Fuzz / libredwg

Package

Name
libredwg
Purl
pkg:generic/libredwg

Affected ranges

Type
GIT
Repo
https://github.com/LibreDWG/libredwg
Events
Introduced
7bda865d59f843e174ac7e14c7dfe25243900956
Fixed
580e8bbebf18579b97e2c20b032368b9079624ca

Affected versions

0.*

0.12.4.4522
0.12.4.4527
0.12.4.4530
0.12.4.4533
0.12.4.4535
0.12.4.4542
0.12.4.4544
0.12.4.4545
0.12.4.4548
0.12.4.4550
0.12.4.4553
0.12.4.4566
0.12.4.4567
0.12.4.4572
0.12.4.4583
0.12.4.4590
0.12.4.4598
0.12.4.4601
0.12.4.4606
0.12.4.4607
0.12.4.4608
0.12.4.4613
0.12.4.4615

Ecosystem specific 

{
    "severity": "HIGH"
}