OSV-2022-493

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libvips/OSV-2022-493.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2022-493

Published

2022-06-21T00:01:55.187291Z

Modified

2022-06-21T00:01:55.187587Z

Summary

Segv on unknown address in jxl::N_AVX2::XYBStage<jxl::N_AVX2::PerChannelOp<jxl::N_AVX2::Op709> >::ProcessRo

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48132

Crash type: Segv on unknown address
Crash state:
jxl::N_AVX2::XYBStage&lt;jxl::N_AVX2::PerChannelOp<jxl::N_AVX2::Op709> >::ProcessRo
jxl::LowMemoryRenderPipeline::RenderRect
jxl::LowMemoryRenderPipeline::ProcessBuffers

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48132

Affected packages

OSS-Fuzz / libvips

Package

Name: libvips
Purl: pkg:generic/libvips

Affected ranges

Type: GIT
Repo: https://github.com/libvips/libvips.git
Events: Introduced

d91cfa4e5346d4abd71e0b6d908112663a53a5c2

Fixed

55cbde674be27fcb4f79023e8cf1d3ec1291d4fd

Affected versions

v8.*

v8.13.0-rc1

Ecosystem specific

{
    "severity": null
}

Database specific

{
    "introduced_range": "ceaa2d2096ce44f1798eaaf5f437492aae474a39:9cbc361269cedd5ddadd9695d7aa3368daa31d24"
}