OSV-2025-486

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/opencv/OSV-2025-486.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2025-486
Published
2025-06-24T00:16:24.786334Z
Modified
2025-06-24T00:16:24.786690Z
Summary
Bad-cast to cv::PngDecoder from invalid vptr
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=426783958

Crash type: Bad-cast
Crash state:
Bad-cast to cv::PngDecoder from invalid vptr
cv::PngDecoder::readData
cv::imdecode_
References

Affected packages

OSS-Fuzz / opencv

Package

Name
opencv
Purl
pkg:generic/opencv

Affected ranges

Type
GIT
Repo
https://github.com/opencv/opencv.git
Events

Affected versions

4.*
4.12.0
5.*
5.0.0-alpha

Ecosystem specific

{
    "severity": "HIGH"
}

Database specific

introduced_range
"32598639244ada2b5095baf08118a2ec80c6bb37:1950c4dbb993c60f11ddc8adf3c4eeab998fc175"
fixed_range
"1fdff6da75c6c2e745c3aab9a0a8864dba4c6c1c:dac243bd265e79af2315ce04fac2a0a5bdf47efe"
source
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/opencv/OSV-2025-486.yaml"