OSV-2024-267

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/lcms/OSV-2024-267.yaml

Published

2024-04-18T00:02:12.015129Z

Modified

2024-04-29T11:29:45.142411Z

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68047

Crash type: Heap-buffer-overflow WRITE 8
Crash state:
SetDataFormat
ParseIT8
cmsIT8LoadFromMem

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68047

Affected packages

OSS-Fuzz / lcms

Package

Name: lcms

Affected ranges

Type: GIT
Repo: https://github.com/mm2/Little-CMS.git
Events: Introduced

8aa70ee88c8319eb677b82aebdceb1bda1c3f0b7

Fixed

fe8d3839799adbaf2783ebf27f1433ff8d5abd69

Affected versions

lcm2.*

lcm2.16rc1

lcms2.*

lcms2.13

lcms2.13.1

lcms2.13rc1

lcms2.13rc2

lcms2.14

lcms2.14rc1

lcms2.15

lcms2.15rc1

lcms2.16

lcms2.16rc1

Ecosystem specific

{
    "severity": "HIGH"
}

Database specific

{
    "introduced_range": "6bef8bd0788527d46316da01b1b679fc160e0196:1c667a762c4272ec970a2dd6f945836c52f35720",
    "fixed_range": "1176e61afea4b58c5f92c6f226cdb7b1c76797d5:fe8d3839799adbaf2783ebf27f1433ff8d5abd69"
}