OSV-2023-182

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/flac/OSV-2023-182.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2023-182
Published
2023-03-16T13:02:02.851218Z
Modified
2023-03-16T13:02:02.851471Z
Summary
Heap-buffer-overflow in FLAC__bitwriter_write_rice_signed_block
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57071

Crash type: Heap-buffer-overflow WRITE 4
Crash state:
FLAC__bitwriter_write_rice_signed_block
add_residual_partitioned_rice_
FLAC__subframe_add_fixed
References

Affected packages

OSS-Fuzz / flac

Package

Name
flac
Purl
pkg:generic/flac

Affected ranges

Type
GIT
Repo
https://github.com/xiph/flac.git
Events
Introduced
3173fc064f639535b5b74bdbf0fb683edf166c55
Fixed
68f605bd281a37890ed696555a52c6180457164f

Ecosystem specific 

{
    "severity": "HIGH"
}

Database specific 

{
    "introduced_range": "2db6c1d138bd39a366cbba4591321df8d58a7cf5:4d21da118322af1c0033f1bd5ea18d86b58b49d4"
}