OSV-2025-408

Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/readstat/OSV-2025-408.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2025-408
Published
2025-05-27T00:12:59.401698Z
Modified
2025-05-27T00:12:59.402180Z
Summary
Heap-buffer-overflow in sav_parse_long_variable_names_record
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420198855

Crash type: Heap-buffer-overflow READ 1
Crash state:
sav_parse_long_variable_names_record
sav_parse_records_pass2
readstat_parse_sav
References

Affected packages

OSS-Fuzz / readstat

Package

Name
readstat
Purl
pkg:generic/readstat

Affected ranges

Type
GIT
Repo
https://github.com/WizardMac/ReadStat
Events

Ecosystem specific

{
    "severity": "MEDIUM"
}

Database specific

{
    "fixed_range": "b3d68355b1bd87ac9dcee4dda60ed08acdd09a6f:b2d5407d62caf3c33caadc0495c9f7684b6a0df7"
}