OSV-2024-1297

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qpdf/OSV-2024-1297.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2024-1297
Published
2024-11-09T00:13:03.370689Z
Modified
2024-11-09T00:13:03.371200Z
Summary
Heap-buffer-overflow in rijndaelSetupEncrypt
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=377977949

Crash type: Heap-buffer-overflow READ 1
Crash state:
rijndaelSetupEncrypt
rijndaelSetupDecrypt
AES_PDF_native::AES_PDF_native
References

Affected packages

OSS-Fuzz / qpdf

Package

Name
qpdf
Purl
pkg:generic/qpdf

Affected ranges

Type
GIT
Repo
https://github.com/qpdf/qpdf.git
Events
Introduced
d8d73679e71942c4d53e6f8826aa5b51eaa57137
Fixed
3ea83e9993801b002b4db8abaaa08dec31989ec7

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific

fixed_range 
"54cf0e519c49e3fb44c7ca1de95a1fffbafc211c:3ea83e9993801b002b4db8abaaa08dec31989ec7"
introduced_range 
"c1377176f8a65f62c4a2f582062554dc69dd5e81:7f3b05ddb4bd9ff7e2da5fea17646b5fc99b45ba"
source 
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qpdf/OSV-2024-1297.yaml"