OSV-2026-195

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libical/OSV-2026-195.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2026-195
Published
2026-02-05T00:15:22.587525Z
Modified
2026-02-05T00:15:22.587818Z
Summary
Use-of-uninitialized-value in vcardstructured_free
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=481458325

Crash type: Use-of-uninitialized-value
Crash state:
vcardstructured_free
vcardparameter_free
vcardproperty_free
References

Affected packages

OSS-Fuzz / libical

Package

Name
libical
Purl
pkg:generic/libical

Affected ranges

Type
GIT
Repo
https://github.com/libical/libical.git
Events
Introduced
f8cb7b4349809e51bad3902d130804d31ede3116
Fixed
0d3735426835aff0bd8151a0203e0720b157315f

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific

fixed_range 
"c7bab3f44497eb126baa7c10429192ebd9acec91:0d3735426835aff0bd8151a0203e0720b157315f"
source 
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libical/OSV-2026-195.yaml"
introduced_range 
"a178be6cde3ab016f0072003df87517e289e075a:0d7f739ddd93f6e7b7bb9b7e8db9aa4ba639fbda"