OSV-2025-608

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/https://github.com/davea42/libdwarf-code/OSV-2025-608.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2025-608
Published
2025-08-09T00:02:00.092320Z
Modified
2025-08-11T14:17:56.957704Z
Summary
Heap-buffer-overflow in _dwarf_memcpy_noswap_bytes
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437060549

Crash type: Heap-buffer-overflow READ 4
Crash state:
_dwarf_memcpy_noswap_bytes
_dwarf_length_of_cu_header
dwarf_global_name_offsets
References

Affected packages

OSS-Fuzz / libdwarf

Package

Name
libdwarf
Purl
pkg:generic/libdwarf

Affected ranges

Type
GIT
Repo
https://github.com/davea42/libdwarf-code
Events
Introduced
9cf5066516e5e46785bad045d97012e3c1c61b84
Fixed
aedc3c4cebdc84fe1e4b342df18b1b53110df534
Fixed
67c26c25f776303c154079a419bab34f29f35547

Affected versions

libdwarf-0.*

libdwarf-0.12.0

libdwarf-2.*

libdwarf-2.0.0
libdwarf-2.1.0

v0.*

v0.12.0

v2.*

v2.0.0
v2.1.0

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific 

{
    "fixed_range": "8f82593cff046c28d3687e10348264b191c325ef:67c26c25f776303c154079a419bab34f29f35547"
}