OSV-2025-525

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/opencv/OSV-2025-525.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2025-525

Published

2025-07-06T00:18:54.304371Z

Modified

2025-07-06T00:18:54.304891Z

Summary

UNKNOWN READ in std::__1::__function::__func<cv::PngDecoder::compose_frame

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=429429085

Crash type: UNKNOWN READ
Crash state:
std::__1::__function::__func&lt;cv::PngDecoder::compose_frame
cv::ParallelLoopBodyWrapper::operator
cv::ThreadPool::run

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=429429085

Affected packages

OSS-Fuzz / opencv

Package

Name: opencv
Purl: pkg:generic/opencv

Affected ranges

Type: GIT
Repo: https://github.com/opencv/opencv.git
Events: Introduced

850b686f8a9a1bbadd975910aee815acaf0d6e50

Fixed

468de9b36740b3355f0d5cd8be2ce28b340df120

Affected versions

4.*

4.12.0

Ecosystem specific

{
    "severity": "MEDIUM"
}

Database specific

{
    "fixed_range": "824cbf51ec4f3bdf2cbe38944251fefaf90eef9d:468de9b36740b3355f0d5cd8be2ce28b340df120",
    "introduced_range": "32598639244ada2b5095baf08118a2ec80c6bb37:1950c4dbb993c60f11ddc8adf3c4eeab998fc175"
}