OSV-2024-574

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/spirv-tools/OSV-2024-574.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2024-574

Published

2024-06-19T00:15:01.983925Z

Modified

2024-06-25T14:22:08.649397Z

Summary

Heap-buffer-overflow in spvtools::disassemble::InstructionDisassembler::EmitInstruction

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69549

Crash type: Heap-buffer-overflow READ 1
Crash state:
spvtools::disassemble::InstructionDisassembler::EmitInstruction
spvtools::DisassembleInstruction
Parser::parseModule

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69549

Affected packages

OSS-Fuzz / spirv-tools

Package

Name: spirv-tools
Purl: pkg:generic/spirv-tools

Affected ranges

Type: GIT
Repo: https://github.com/KhronosGroup/SPIRV-Tools.git
Events: Introduced

c3178da8eac9bc7d1788e95f8d555918ba483c23

Fixed

7bf2d0275e480852abfccc5ff9a4cabd388286b2

Ecosystem specific

{
    "severity": "MEDIUM"
}

Database specific

{
    "fixed_range": "bc28ac7c195f59b14535edec8472d97fd32a91ad:7bf2d0275e480852abfccc5ff9a4cabd388286b2"
}