OSV-2026-304

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/grok/OSV-2026-304.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2026-304
Published
2026-02-25T00:09:10.290694Z
Modified
2026-02-25T00:09:10.291030Z
Summary
Heap-use-after-free in tf::Executor::_invoke
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=486618382

Crash type: Heap-use-after-free READ 4
Crash state:
tf::Executor::_invoke
tf::Executor::_spawn
void* std::__1::__thread_proxy
References

Affected packages

OSS-Fuzz / grok

Package

Name
grok
Purl
pkg:generic/grok

Affected ranges

Type
GIT
Repo
https://github.com/GrokImageCompression/grok.git
Events
Introduced
1ca9a4ce1b63568ed43aa7c93697114dc6b3fbcb
Fixed
f88afe44754abda59a151d4b547b41a6e6b90f2c

Ecosystem specific 

{
    "severity": "HIGH"
}

Database specific

introduced_range 
"354d77e68ddea42a4d8068ac5a92e32035848fb7:b176c52456b31ee223c82ed2c765471b190bc18a"
source 
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/grok/OSV-2026-304.yaml"
fixed_range 
"b583c0bb494fc9c43a79e335a0b2f7c34ceeb280:f88afe44754abda59a151d4b547b41a6e6b90f2c"