OSV-2023-90

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libraw/OSV-2023-90.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2023-90
Published
2023-02-21T13:00:32.973229Z
Modified
2023-02-24T01:53:57.243568Z
Summary
Heap-buffer-overflow in LibRaw_buffer_datastream::scanf_one
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56160

Crash type: Heap-buffer-overflow READ 1
Crash state:
LibRaw_buffer_datastream::scanf_one
LibRaw::parse_mos
LibRaw::parse_tiff_ifd
References

Affected packages

OSS-Fuzz / libraw

Package

Name
libraw
Purl
pkg:generic/libraw

Affected ranges

Type
GIT
Repo
https://github.com/libraw/libraw
Events
Introduced
2a9a4de21ea7f5d15314da8ee5f27feebf239655
Fixed
443b7fb51e1ca89a1178180258a0f10ed353617d
Fixed
f6a57cfb81561bb9a3bd884795896a61f65ba29e

Affected versions

0.*

0.21-Beta1
0.21.0
0.21.1

Ecosystem specific 

{
    "severity": "MEDIUM"
}