OSV-2022-531

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/perfetto/OSV-2022-531.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2022-531
Published
2022-07-05T00:00:15.936407Z
Modified
2023-04-20T22:42:42.108104Z
Summary
Heap-buffer-overflow in perfetto::trace_processor::TrackEventParser::ParseTrackDescriptor
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48684

Crash type: Heap-buffer-overflow WRITE 4
Crash state:
perfetto::trace_processor::TrackEventParser::ParseTrackDescriptor
perfetto::trace_processor::TrackEventModule::ParsePacket
perfetto::trace_processor::ProtoTraceParser::ParseTracePacketImpl
References

Affected packages

OSS-Fuzz / perfetto

Package

Name
perfetto
Purl
pkg:generic/perfetto

Affected ranges

Type
GIT
Repo
https://android.googlesource.com/platform/external/perfetto/
Events

Affected versions

android-13.*

android-13.0.0_r1
android-13.0.0_r12
android-13.0.0_r2
android-13.0.0_r3
android-13.0.0_r31
android-13.0.0_r4
android-13.0.0_r5
android-13.0.0_r6
android-13.0.0_r7
android-13.0.0_r8

android-cts-13.*

android-cts-13.0_r1
android-cts-13.0_r2
android-cts-13.0_r3

android-mainline-12.*

android-mainline-12.0.0_r100
android-mainline-12.0.0_r122
android-mainline-12.0.0_r49
android-mainline-12.0.0_r59
android-mainline-12.0.0_r63
android-mainline-12.0.0_r70
android-mainline-12.0.0_r77
android-mainline-12.0.0_r99

android-platform-13.*

android-platform-13.0.0_r1
android-platform-13.0.0_r2

android-security-13.*

android-security-13.0.0_r1
android-security-13.0.0_r2
android-security-13.0.0_r3
android-security-13.0.0_r4

android-vts-13.*

android-vts-13.0_r1
android-vts-13.0_r2
android-vts-13.0_r3

platform-tools-29.*

platform-tools-29.0.1
platform-tools-29.0.2
platform-tools-29.0.3
platform-tools-29.0.4
platform-tools-29.0.5
platform-tools-29.0.6

platform-tools-30.*

platform-tools-30.0.0
platform-tools-30.0.1
platform-tools-30.0.2
platform-tools-30.0.3
platform-tools-30.0.4
platform-tools-30.0.5

platform-tools-31.*

platform-tools-31.0.0
platform-tools-31.0.1
platform-tools-31.0.2
platform-tools-31.0.3

platform-tools-32.*

platform-tools-32.0.0

platform-tools-33.*

platform-tools-33.0.0
platform-tools-33.0.1
platform-tools-33.0.2
platform-tools-33.0.3

v27.*

v27.0
v27.1

v28.*

v28.0

Ecosystem specific

{
    "severity": "HIGH"
}