OSV-2024-1343

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/shaderc/OSV-2024-1343.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2024-1343

Published

2024-11-27T00:13:21.103465Z

Modified

2025-12-23T15:50:46.882431Z

Summary

Container-overflow in glslang::HlslParseContext::decomposeIntrinsic

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=380569852

Crash type: Container-overflow READ 8
Crash state:
glslang::HlslParseContext::decomposeIntrinsic
glslang::HlslParseContext::handleFunctionCall
glslang::HlslGrammar::acceptFunctionCall

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=380569852

Affected packages

OSS-Fuzz / shaderc

Package

Name: shaderc
Purl: pkg:generic/shaderc

Affected ranges

Type: GIT
Repo: https://github.com/google/shaderc
Events: Introduced

8c4d729001709e907fba57041749d9ed8985891c

Fixed

e0a5092b4b05dbcc448b0883f3575163634f8e86

Affected versions

v2024.*

v2024.4

v2025.*

v2025.1

v2025.2

v2025.3

v2025.4

v2025.5

Ecosystem specific

{
    "severity": "MEDIUM"
}

Database specific

source

"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/shaderc/OSV-2024-1343.yaml"