OSV-2023-675

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/flac/OSV-2023-675.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2023-675
Published
2023-08-09T14:02:25.748940Z
Modified
2024-04-29T14:13:24.917092Z
Summary
Heap-use-after-free in parse_options
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61292

Crash type: Heap-use-after-free WRITE 4
Crash state:
parse_options
append_new_operation
parse_options
References

Affected packages

OSS-Fuzz / flac

Package

Name
flac
Purl
pkg:generic/flac

Affected ranges

Type
GIT
Repo
https://github.com/xiph/flac.git
Events
Introduced
67d2e1ee4c09ea28a2dae72750a1714f3b8294ef
Fixed
37ca81137af2273686fc6d7d87827bdabd6bf234

Affected versions

1.*

1.4.3

Ecosystem specific 

{
    "severity": "HIGH"
}

Database specific 

{
    "fixed_range": "89a4d2b9fc802bf903f728d34f72c606b2d525e5:37ca81137af2273686fc6d7d87827bdabd6bf234"
}