OSV-2024-340

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/exiv2/OSV-2024-340.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2024-340
Published
2024-04-30T00:01:53.406015Z
Modified
2024-07-08T14:18:27.414920Z
Summary
Heap-buffer-overflow in Exiv2::AsfVideo::GUIDTag::GUIDTag
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68210

Crash type: Heap-buffer-overflow READ 8
Crash state:
Exiv2::AsfVideo::GUIDTag::GUIDTag
Exiv2::AsfVideo::streamProperties
Exiv2::AsfVideo::decodeBlock
References

Affected packages

OSS-Fuzz / exiv2

Package

Name
exiv2
Purl
pkg:generic/exiv2

Affected ranges

Type
GIT
Repo
https://github.com/Exiv2/exiv2
Events
Introduced
14e26b5abdad3b725dd6902dabcab32c48813284

Affected versions

Other

nightly

nightly-0.*

nightly-0.28.x

v0.*

v0.28.0
v0.28.1
v0.28.2
v0.28.3

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific 

{
    "introduced_range": "2a03d8b630546f1f8e0bb4b8688e5ede630bc5c3:93f5acbbff7dacc66cfa02a56957c5746a7c107c"
}