OSV-2023-734

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/exiv2/OSV-2023-734.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2023-734
Published
2023-08-24T14:02:58.433195Z
Modified
2023-08-24T14:02:58.433472Z
Summary
Container-overflow in libbrotlidec.so.1
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61675

Crash type: Container-overflow WRITE {*}
Crash state:
libbrotlidec.so.1
BrotliDecoderDecompressStream
Exiv2::BmffImage::brotliUncompress
References

Affected packages

OSS-Fuzz / exiv2

Package

Name
exiv2
Purl
pkg:generic/exiv2

Affected ranges

Type
GIT
Repo
https://github.com/Exiv2/exiv2
Events
Introduced
53fe85b2c4696d814cbdd4c83af66a555ba1b777
Fixed
a1f254358de167af9a619523ca7ba6492bd89959
Introduced
f80403767b34818f3298d7ae54e6b36315f3b0a5
Fixed
d8f82d5db1fed05a18aa0f84f1cc8899d011a18b

Ecosystem specific 

{
    "severity": "HIGH"
}