OSV-2025-312
See a problem?- Import Source
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/c-blosc2/OSV-2025-312.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/OSV-2025-312
- Published
- 2025-05-02T00:14:14.459388Z
- Modified
- 2026-04-23T14:10:00.934602Z
- Summary
- Heap-buffer-overflow in ZSTD_decompressMultiFrame
- Details
-
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=414856644
Crash type: Heap-buffer-overflow READ 1 Crash state: ZSTD_decompressMultiFrame ZSTD_decompressDCtx zstd_wrap_decompress - References
Affected packages
OSS-Fuzz / c-blosc2
Package
- Name
- c-blosc2
- Purl
- pkg:generic/c-blosc2
Affected versions
v2.*
v2.1.0
v2.1.1
v2.10.0
v2.10.1
v2.10.2
v2.10.3
v2.10.4
v2.10.5
v2.11.0
v2.11.1
v2.11.2
v2.11.3
v2.12.0
v2.13.0
v2.13.1
v2.13.2
v2.14.0
v2.14.1
v2.14.2
v2.14.3
v2.14.4
v2.15.0
v2.15.1
v2.15.2
v2.16.0
v2.17.0
v2.17.1
v2.18.0
v2.19.0
v2.19.1
v2.2.0
v2.20.0
v2.21.0
v2.21.1
v2.21.2
v2.21.3
v2.22.0
v2.23.0
v2.23.1
v2.3.0
v2.3.1
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.5.0
v2.6.0
v2.6.1
v2.7.0
v2.7.1
v2.8.0
v2.9.0
v2.9.1
v2.9.2
v2.9.3
v3.*
v3.0.0.rc1
v3.0.0.rc2
Database specific
fixed_range
"afb545924c492352ea736c47abecdfb9e79ca9b4:56b9bc5a80282d38d78428e50990fc4881bc29c6"
introduced_range
"5d7e4220166a4e42239230cac4bd71aee04d1326:a581837d9400501c09f957298e91be0eec9a0b0a"
source
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/c-blosc2/OSV-2025-312.yaml"