OSV-2025-6

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libvips/OSV-2025-6.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2025-6
Published
2025-01-06T00:16:10.036783Z
Modified
2025-01-06T00:16:10.037219Z
Summary
Heap-buffer-overflow in next_marker
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=387317434

Crash type: Heap-buffer-overflow READ 1
Crash state:
next_marker
read_markers
consume_markers
References

Affected packages

OSS-Fuzz / libvips

Package

Name
libvips
Purl
pkg:generic/libvips

Affected ranges

Type
GIT
Repo
https://github.com/libvips/libvips.git
Events
Introduced
7b47b07bcd0583c4f9d4afaac85d3abb5008edff
Fixed
4689cda680c2b59bf8dca0b856fb58087196f60a

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific

fixed_range 
"7b47b07bcd0583c4f9d4afaac85d3abb5008edff:4689cda680c2b59bf8dca0b856fb58087196f60a"
source 
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libvips/OSV-2025-6.yaml"