OSV-2024-1348

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/shaderc/OSV-2024-1348.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2024-1348

Published

2024-12-10T00:00:50.788Z

Modified

2025-12-23T15:51:01.062319Z

Summary

Heap-buffer-overflow in glslang::HlslGrammar::acceptDeclaration

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=382721848

Crash type: Heap-buffer-overflow READ 1
Crash state:
glslang::HlslGrammar::acceptDeclaration
glslang::HlslGrammar::acceptCompilationUnit
glslang::HlslParseContext::parseShaderStrings

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=382721848

Affected packages

OSS-Fuzz / shaderc

Package

Name: shaderc
Purl: pkg:generic/shaderc

Affected ranges

Type: GIT
Repo: https://github.com/google/shaderc
Events: Introduced

ffd3be52bbcbd428e9de40da996ad09645fc0dc8

Fixed

e0a5092b4b05dbcc448b0883f3575163634f8e86

Affected versions

v2024.*

v2024.4

v2025.*

v2025.1

v2025.2

v2025.3

v2025.4

v2025.5

Ecosystem specific

{
    "severity": "MEDIUM"
}

Database specific

source

"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/shaderc/OSV-2024-1348.yaml"