OSV-2024-404

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libavif/OSV-2024-404.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2024-404
Published
2024-05-04T00:03:34.449449Z
Modified
2024-05-04T00:03:34.449922Z
Summary
Use-of-uninitialized-value in avifSequenceHeaderParse
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68568

Crash type: Use-of-uninitialized-value
Crash state:
avifSequenceHeaderParse
avifDecoderReset
avifDecoderParse
References

Affected packages

OSS-Fuzz / libavif

Package

Name
libavif
Purl
pkg:generic/libavif

Affected ranges

Type
GIT
Repo
https://github.com/AOMediaCodec/libavif.git
Events
Introduced
4c7f0f40c3c3c1c362cef47379220041d61fd2af
Fixed
5d5d708de735bb52d70849a6a901a7cbebead6c4

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific 

{
    "fixed_range": "4c7f0f40c3c3c1c362cef47379220041d61fd2af:5d5d708de735bb52d70849a6a901a7cbebead6c4"
}