OSV-2023-890

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libdwarf/OSV-2023-890.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2023-890
Published
2023-09-21T14:01:03.576514Z
Modified
2023-09-21T14:01:03.576815Z
Summary
Heap-use-after-free in dwarf_dealloc
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62547

Crash type: Heap-use-after-free READ 2
Crash state:
dwarf_dealloc
_dwarf_fde_destructor
tdestroy_free_node
References

Affected packages

OSS-Fuzz / libdwarf

Package

Name
libdwarf
Purl
pkg:generic/libdwarf

Affected ranges

Type
GIT
Repo
https://github.com/davea42/libdwarf-code
Events
Introduced
b55ce0185528bf0a99e375cf8f3c84b76b6881a3
Fixed
cd741379bd0203a0875b413542d5f982606ae637

Affected versions

libdwarf-0.*

libdwarf-0.7.0
libdwarf-0.8.0-fixedtag

v0.*

v0.7.0
v0.8.0-fixedtag

Ecosystem specific 

{
    "severity": "HIGH"
}