osv-2021-1559
Vulnerability from osv_ossfuzz
Published
2021-11-10 00:01
Modified
2023-02-24 01:57
Summary
Heap-buffer-overflow in ih264d_mark_err_slice_skip
Details
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40851
Crash type: Heap-buffer-overflow WRITE 4
Crash state:
ih264d_mark_err_slice_skip
ih264d_video_decode
ih264d_api_function
{
"affected": [
{
"ecosystem_specific": {
"severity": "HIGH"
},
"package": {
"ecosystem": "OSS-Fuzz",
"name": "libavc",
"purl": "pkg:generic/libavc"
},
"ranges": [
{
"events": [
{
"introduced": "6efeedf0633e1965a4d4e17d64f14215e9b6d48f"
},
{
"fixed": "2191ac2b82618e4acf73e5247794f51eb01eabd3"
},
{
"fixed": "23247c81421129686df32536ed9a15b0508acd39"
},
{
"fixed": "a20b83447dbefd90b21e109fb9d5fcc4d0b1e193"
},
{
"fixed": "479c2eab082f4fd9a1aa384cf4e4db6ef6bd907f"
},
{
"fixed": "dc110841d6a3fb2f9c9f1af04b3b71da40fbd392"
}
],
"repo": "https://android.googlesource.com/platform/external/libavc",
"type": "GIT"
}
],
"versions": [
"android-11.0.0_r18",
"android-11.0.0_r19",
"android-11.0.0_r20",
"android-11.0.0_r21",
"android-11.0.0_r22",
"android-11.0.0_r23",
"android-11.0.0_r24",
"android-11.0.0_r26",
"android-11.0.0_r27",
"android-11.0.0_r28",
"android-11.0.0_r29",
"android-11.0.0_r38",
"android-11.0.0_r39",
"android-11.0.0_r40",
"android-11.0.0_r43",
"android-11.0.0_r46",
"android-12.0.0_r1",
"android-12.0.0_r10",
"android-12.0.0_r11",
"android-12.0.0_r12",
"android-12.0.0_r13",
"android-12.0.0_r14",
"android-12.0.0_r15",
"android-12.0.0_r16",
"android-12.0.0_r18",
"android-12.0.0_r19",
"android-12.0.0_r2",
"android-12.0.0_r20",
"android-12.0.0_r21",
"android-12.0.0_r25",
"android-12.0.0_r26",
"android-12.0.0_r27",
"android-12.0.0_r28",
"android-12.0.0_r29",
"android-12.0.0_r3",
"android-12.0.0_r30",
"android-12.0.0_r31",
"android-12.0.0_r4",
"android-12.0.0_r5",
"android-12.0.0_r6",
"android-12.0.0_r7",
"android-12.0.0_r8",
"android-12.0.0_r9",
"android-cts-12.0_r1",
"android-cts-12.0_r2",
"android-mainline-11.0.0_r12",
"android-mainline-11.0.0_r13",
"android-mainline-11.0.0_r14",
"android-mainline-11.0.0_r15",
"android-mainline-11.0.0_r16",
"android-mainline-11.0.0_r17",
"android-mainline-11.0.0_r18",
"android-mainline-11.0.0_r20",
"android-mainline-11.0.0_r21",
"android-mainline-11.0.0_r22",
"android-mainline-11.0.0_r23",
"android-mainline-11.0.0_r24",
"android-mainline-11.0.0_r25",
"android-mainline-11.0.0_r26",
"android-mainline-11.0.0_r27",
"android-mainline-11.0.0_r28",
"android-mainline-11.0.0_r30",
"android-mainline-11.0.0_r31",
"android-mainline-11.0.0_r32",
"android-mainline-11.0.0_r34",
"android-mainline-11.0.0_r35",
"android-mainline-11.0.0_r36",
"android-mainline-11.0.0_r37",
"android-mainline-11.0.0_r38",
"android-mainline-11.0.0_r39",
"android-mainline-11.0.0_r40",
"android-mainline-11.0.0_r41",
"android-mainline-11.0.0_r42",
"android-mainline-11.0.0_r43",
"android-mainline-11.0.0_r44",
"android-mainline-12.0.0_r1",
"android-mainline-12.0.0_r10",
"android-mainline-12.0.0_r11",
"android-mainline-12.0.0_r12",
"android-mainline-12.0.0_r13",
"android-mainline-12.0.0_r14",
"android-mainline-12.0.0_r15",
"android-mainline-12.0.0_r16",
"android-mainline-12.0.0_r17",
"android-mainline-12.0.0_r18",
"android-mainline-12.0.0_r19",
"android-mainline-12.0.0_r2",
"android-mainline-12.0.0_r20",
"android-mainline-12.0.0_r21",
"android-mainline-12.0.0_r23",
"android-mainline-12.0.0_r25",
"android-mainline-12.0.0_r26",
"android-mainline-12.0.0_r27",
"android-mainline-12.0.0_r3",
"android-mainline-12.0.0_r31",
"android-mainline-12.0.0_r33",
"android-mainline-12.0.0_r36",
"android-mainline-12.0.0_r37",
"android-mainline-12.0.0_r39",
"android-mainline-12.0.0_r4",
"android-mainline-12.0.0_r5",
"android-mainline-12.0.0_r6",
"android-mainline-12.0.0_r7",
"android-mainline-12.0.0_r8",
"android-mainline-12.0.0_r9",
"android-platform-12.0.0_r1",
"android-platform-12.0.0_r2",
"android-platform-12.0.0_r3",
"android-s-beta-1",
"android-s-beta-2",
"android-s-beta-3",
"android-s-beta-4",
"android-s-beta-5",
"android-s-preview-1",
"android-s-v2-beta-2",
"android-s-v2-preview-1",
"android-s-v2-preview-2",
"android-vts-12.0_r1",
"android-vts-12.0_r2",
"platform-tools-29.0.1",
"platform-tools-29.0.2",
"platform-tools-29.0.3",
"platform-tools-29.0.4",
"platform-tools-29.0.5",
"platform-tools-29.0.6",
"platform-tools-30.0.0",
"platform-tools-30.0.1",
"platform-tools-30.0.2",
"platform-tools-30.0.3",
"platform-tools-30.0.4",
"platform-tools-30.0.5",
"platform-tools-31.0.0",
"platform-tools-31.0.1",
"platform-tools-31.0.2",
"platform-tools-31.0.3",
"android-cts-12.0_r3",
"android-mainline-12.0.0_r22",
"android-mainline-12.0.0_r24",
"android-mainline-12.0.0_r28",
"android-mainline-12.0.0_r29",
"android-mainline-12.0.0_r30",
"android-mainline-12.0.0_r34",
"android-mainline-12.0.0_r35",
"android-mainline-12.0.0_r38",
"android-mainline-12.0.0_r40",
"android-mainline-12.0.0_r41",
"android-mainline-12.0.0_r42",
"android-mainline-12.0.0_r43",
"android-mainline-12.0.0_r44",
"android-mainline-12.0.0_r45",
"android-mainline-12.0.0_r46",
"android-mainline-12.0.0_r47",
"android-mainline-12.0.0_r48",
"android-mainline-12.0.0_r49",
"android-mainline-12.0.0_r50",
"android-mainline-12.0.0_r51",
"android-mainline-12.0.0_r52",
"android-mainline-12.0.0_r53",
"android-mainline-12.0.0_r56",
"android-mainline-12.0.0_r57",
"android-mainline-12.0.0_r58",
"android-vts-12.0_r3",
"aml_doc_310851020",
"android-12.0.0_r33",
"android-12.0.0_r34",
"android-cts-12.0_r4",
"android-cts-12.0_r5",
"android-cts-12.0_r6",
"android-cts-12.0_r7",
"android-vts-12.0_r4",
"android-vts-12.0_r5",
"android-vts-12.0_r6",
"android-vts-12.0_r7"
]
}
],
"details": "OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40851\n\n```\nCrash type: Heap-buffer-overflow WRITE 4\nCrash state:\nih264d_mark_err_slice_skip\nih264d_video_decode\nih264d_api_function\n```\n",
"id": "OSV-2021-1559",
"modified": "2023-02-24T01:57:33.198621Z",
"published": "2021-11-10T00:01:37.617431Z",
"references": [
{
"type": "REPORT",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40851"
}
],
"schema_version": "1.2.0",
"summary": "Heap-buffer-overflow in ih264d_mark_err_slice_skip"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…