OSV-2022-854

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/perfetto/OSV-2022-854.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2022-854

Published

2022-09-07T00:00:54.323344Z

Modified

2023-04-20T22:55:15.851034Z

Summary

Heap-buffer-overflow in perfetto::trace_processor::TrackEventParser::ParseTrackDescriptor

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51022

Crash type: Heap-buffer-overflow WRITE 4
Crash state:
perfetto::trace_processor::TrackEventParser::ParseTrackDescriptor
perfetto::trace_processor::TrackEventModule::ParsePacket
perfetto::trace_processor::ProtoTraceParser::ParseTracePacketImpl

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51022

Affected packages

OSS-Fuzz / perfetto

Package

Name: perfetto
Purl: pkg:generic/perfetto

Affected ranges

Type: GIT
Repo: https://android.googlesource.com/platform/external/perfetto/
Events: Introduced

8209fb9b9a4156232aa87ad4621e541bfb777ec1

Fixed

bb1b58e6d1d86b3122bb9574f2530093ff1cc2eb

Affected versions

android-13.*

android-13.0.0_r1

android-13.0.0_r12

android-13.0.0_r2

android-13.0.0_r3

android-13.0.0_r31

android-13.0.0_r4

android-13.0.0_r5

android-13.0.0_r6

android-13.0.0_r7

android-13.0.0_r8

android-cts-13.*

android-cts-13.0_r1

android-cts-13.0_r2

android-cts-13.0_r3

android-mainline-12.*

android-mainline-12.0.0_r100

android-mainline-12.0.0_r122

android-mainline-12.0.0_r49

android-mainline-12.0.0_r59

android-mainline-12.0.0_r63

android-mainline-12.0.0_r70

android-mainline-12.0.0_r77

android-mainline-12.0.0_r99

android-platform-13.*

android-platform-13.0.0_r1

android-platform-13.0.0_r2

android-security-13.*

android-security-13.0.0_r1

android-security-13.0.0_r2

android-security-13.0.0_r3

android-security-13.0.0_r4

android-vts-13.*

android-vts-13.0_r1

android-vts-13.0_r2

android-vts-13.0_r3

platform-tools-29.*

platform-tools-29.0.1

platform-tools-29.0.2

platform-tools-29.0.3

platform-tools-29.0.4

platform-tools-29.0.5

platform-tools-29.0.6

platform-tools-30.*

platform-tools-30.0.0

platform-tools-30.0.1

platform-tools-30.0.2

platform-tools-30.0.3

platform-tools-30.0.4

platform-tools-30.0.5

platform-tools-31.*

platform-tools-31.0.0

platform-tools-31.0.1

platform-tools-31.0.2

platform-tools-31.0.3

platform-tools-32.*

platform-tools-32.0.0

platform-tools-33.*

platform-tools-33.0.0

platform-tools-33.0.1

platform-tools-33.0.2

platform-tools-33.0.3

v27.*

v27.0

v27.1

v28.*

v28.0

v29.*

v29.0

Ecosystem specific

{
    "severity": "HIGH"
}

Database specific

fixed_range

"ee1648233f427cc5526481e1074a48bd77caa29e:bb1b58e6d1d86b3122bb9574f2530093ff1cc2eb"

source

"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/perfetto/OSV-2022-854.yaml"