OSV-2026-136

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/grok/OSV-2026-136.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2026-136
Published
2026-01-25T00:10:48.352834Z
Modified
2026-01-25T00:10:48.353140Z
Summary
Memcpy-param-overlap in grk::memStreamRead
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=478035120

Crash type: Memcpy-param-overlap
Crash state:
grk::memStreamRead
grk::BufferedStream::read
grk::MarkerParser::readSOTorEOC
References

Affected packages

OSS-Fuzz / grok

Package

Name
grok
Purl
pkg:generic/grok

Affected ranges

Type
GIT
Repo
https://github.com/GrokImageCompression/grok.git
Events
Introduced
5cc1466819c54e0f8879b2163c43ee764d1c400a
Fixed
eb702655bb0e5fc39ea037a08ca26c73bf5cde01

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific

introduced_range 
"3ff9df05501b96d1f0cede0e51f23a2417061ecb:ddb7b4704c9c00df168eaa97749cf3efaefddf4c"
source 
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/grok/OSV-2026-136.yaml"
fixed_range 
"45394e53de1103180d6f79c997f9cc5df25eecb1:eb702655bb0e5fc39ea037a08ca26c73bf5cde01"