OSV-2026-308

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libical/OSV-2026-308.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2026-308
Published
2026-02-25T00:19:49.963815Z
Modified
2026-02-25T00:19:49.964188Z
Summary
Heap-buffer-overflow in vcardstructured_new_from_string
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=486715154

Crash type: Heap-buffer-overflow WRITE 8
Crash state:
vcardstructured_new_from_string
vcardparameter_set_value_from_string
_parse_vcard
References

Affected packages

OSS-Fuzz / libical

Package

Name
libical
Purl
pkg:generic/libical

Affected ranges

Type
GIT
Repo
https://github.com/libical/libical.git
Events
Introduced
00fc43fd2faaa5a3d0a667dbb56bd35ba758892d
Fixed
0d3735426835aff0bd8151a0203e0720b157315f

Ecosystem specific 

{
    "severity": "HIGH"
}

Database specific

introduced_range 
"79a5324fd751adaa6c2336a215ca0783d5f57f29:e6c4d276a1df6c73bd2bec2c53dd98e367126375"
source 
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libical/OSV-2026-308.yaml"
fixed_range 
"c7bab3f44497eb126baa7c10429192ebd9acec91:0d3735426835aff0bd8151a0203e0720b157315f"