OSV-2024-142

Import Source

JSON Data

https://api.osv.dev/v1/vulns/OSV-2024-142

Published

2024-02-29T00:06:19.763458Z

Modified

2024-04-18T14:20:45.279874Z

Summary

Heap-buffer-overflow in gf_gz_decompress_payload_ex

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67043

Crash type: Heap-buffer-overflow WRITE 1
Crash state:
gf_gz_decompress_payload_ex
gf_isom_box_parse_ex
gf_isom_box_array_read

References

Affected packages

Type: GIT
Repo: https://github.com/gpac/gpac
Events: Introduced

bbf25211ff041da80c52ab960f42e177027b3a7f

Fixed

57f3ff863669c8eb8edfabd68021d560900d6c68

{
    "severity": "HIGH"
}

{
    "fixed_range": "422b78ecf79ceeee97104d219cc4f184b1348cec:57f3ff863669c8eb8edfabd68021d560900d6c68"
}