OSV-2025-834

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/arrow/OSV-2025-834.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2025-834

Published

2025-10-14T00:10:52.861723Z

Modified

2025-10-24T14:22:07.938287Z

Summary

Heap-buffer-overflow in std::__1::pair<int, arrow::util::RleBitPackedParser::ControlFlow> arrow::util::R

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=451150486

Crash type: Heap-buffer-overflow READ 3
Crash state:
std::__1::pair&lt;int, arrow::util::RleBitPackedParser::ControlFlow> arrow::util::R
arrow::util::RleBitPackedDecoder<int>::GetBatch
auto parquet::DictByteArrayDecoderImpl::DecodeArrowDense

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=451150486

Affected packages

OSS-Fuzz / arrow

Package

Name: arrow
Purl: pkg:generic/arrow

Affected ranges

Type: GIT
Repo: https://github.com/apache/arrow.git
Events: Introduced

64f2055ffb68e5077420f4253e76d78952438cab

Fixed

52704cbb4e6c0275b36e5ffc6a395361be05c262

Affected versions

apache-arrow-22.*

apache-arrow-22.0.0

apache-arrow-22.0.0-rc0

apache-arrow-22.0.0-rc1

Ecosystem specific

{
    "severity": "HIGH"
}

Database specific

introduced_range

"e68236ae36385127b851ca129ed0cbc1078cae48:235032ad245030c6364a9c8ec02066c0aa0bb18d"

fixed_range

"f268c43ccd86ac57336e3a49a75261d63147ea37:52704cbb4e6c0275b36e5ffc6a395361be05c262"