OSV-2026-853

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/apache-logging-log4cxx/OSV-2026-853.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2026-853
Published
2026-06-05T00:05:47.086641Z
Modified
2026-06-05T00:05:47.086929Z
Summary
Stack-buffer-overflow in log4cxx::helpers::Transcoder::decode
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=519671967

Crash type: Stack-buffer-overflow READ 1
Crash state:
log4cxx::helpers::Transcoder::decode
TranscoderFuzzer.cpp
CentipedeRunnerMain
References

Affected packages

OSS-Fuzz / apache-logging-log4cxx

Package

Name
apache-logging-log4cxx
Purl
pkg:generic/apache-logging-log4cxx

Affected ranges

Type
GIT
Repo
https://github.com/apache/logging-log4cxx
Events
Introduced
b0671d81d195fae2633574dfc70bb3615dfe02ed
Fixed
0046ba5cbacbd227076a262be9297f3f254e5e33

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific

fixed_range 
"8eb5c27dcfffde4955c5fa17f50e22d61d1754ad:0046ba5cbacbd227076a262be9297f3f254e5e33"
introduced_range 
"7f30d205ca2780e3fa47031c768dcb1a761ac299:5d328e9991c917814a8358745328c9c733facda9"
source 
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/apache-logging-log4cxx/OSV-2026-853.yaml"