{"id":"OSV-2022-128","summary":"Stack-buffer-overflow in decompress_rNUMBER","details":"OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44432\n\nCrash type: Stack-buffer-overflow WRITE 1\nCrash state:\ndecompress_rNUMBER\nread_rNUMBER_meta_data\ndwg_decode\n","modified":"2022-07-30T00:11:15.450699Z","published":"2022-02-07T00:00:43.453413Z","references":[{"type":"REPORT","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44432"}],"affected":[{"package":{"name":"libredwg","ecosystem":"OSS-Fuzz","purl":"pkg:generic/libredwg"},"ranges":[{"type":"GIT","repo":"https://github.com/LibreDWG/libredwg","events":[{"introduced":"161045124139f7288f335fc1f51b1d403054ad61"},{"fixed":"fe03c5a89cbd441b6840335bd484cf08bc65c7c4"}]}],"versions":["0.12.4.4390","0.12.4.4395","0.12.4.4399","0.12.4.4400","0.12.4.4409","0.12.4.4415","0.12.4.4420","0.12.4.4423","0.12.4.4425","0.12.4.4430","0.12.4.4437","0.12.4.4442","0.12.4.4444","0.12.4.4462","0.12.4.4466","0.12.4.4467","0.12.4.4475","0.12.4.4487","0.12.4.4491","0.12.4.4492","0.12.4.4494","0.12.4.4497","0.12.4.4507","0.12.4.4515","0.12.4.4517","0.12.4.4522","0.12.4.4527","0.12.4.4530","0.12.4.4533","0.12.4.4535","0.12.4.4542","0.12.4.4544","0.12.4.4545","0.12.4.4548","0.12.4.4550","0.12.4.4553","0.12.4.4566","0.12.4.4567","0.12.4.4572","0.12.4.4583","0.12.4.4590","0.12.4.4598","0.12.4.4601","0.12.4.4606","0.12.4.4607","0.12.4.4608","0.12.4.4613","0.12.4.4615","0.12.5"],"ecosystem_specific":{"severity":"HIGH"},"database_specific":{"source":"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libredwg/OSV-2022-128.yaml"}}],"schema_version":"1.7.3"}