{"id":"OSV-2024-384","summary":"Heap-use-after-free in json_fixed_string","details":"OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67528\n\n```\nCrash type: Heap-use-after-free WRITE 11\nCrash state:\njson_fixed_string\njson_RNUMBER_Header\ndwg_read_json\n```\n","modified":"2024-12-25T14:21:22.172697Z","published":"2024-04-30T00:12:26.560732Z","references":[{"type":"REPORT","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67528"}],"affected":[{"package":{"name":"libredwg","ecosystem":"OSS-Fuzz","purl":"pkg:generic/libredwg"},"ranges":[{"type":"GIT","repo":"https://github.com/LibreDWG/libredwg","events":[{"introduced":"6d082fd0b2c6c33914cbdc943370b9a0a5dd3ef0"},{"fixed":"56d392a7e5ae5f522004ff92396dabd468f8d810"}]}],"versions":["0.13","0.13.1","0.13.2","0.13.3","0.13.3.7163","0.13.3.7165","0.13.3.7166","0.13.3.7168","0.13.3.7176","0.13.3.7183","0.13.3.7186","0.13.3.7187","0.13.3.7190","0.13.3.7199","0.13.3.7217","0.13.3.7220","0.13.3.7223","0.13.3.7224","0.13.3.7225","0.13.3.7226","0.13.3.7227","0.13.3.7233","0.13.3.7240","0.13.3.7246","0.13.3.7251","0.13.3.7257","0.13.3.7259","0.13.3.7262","0.13.3.7264","0.13.3.7265","0.13.3.7268","0.13.3.7270","0.13.3.7273","0.13.3.7298","0.13.3.7306","0.13.3.7308","0.13.3.7320","0.13.3.7324","0.13.3.7327","0.13.3.7338","0.13.3.7341","0.13.3.7344","0.13.3.7345","0.13.3.7351","0.13.3.7371","0.13.3.7377","0.13.3.7385","0.13.3.7405","0.13.3.7409","0.13.3.7411","0.13.3.7412","0.13.3.7414","0.13.3.7420","0.13.3.7424"],"ecosystem_specific":{"severity":"HIGH"},"database_specific":{"fixed_range":"47a07e5fadfd335adf63cb3ff995edbda86565a3:56d392a7e5ae5f522004ff92396dabd468f8d810","source":"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libredwg/OSV-2024-384.yaml"}}],"schema_version":"1.7.3"}