6505 matches found
OSV-2026-65 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=476179553 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr java.base/sun.nio.cs.UTF8$Encoder.encodeArrayLoop java.base/sun.nio.cs.UTF8$Encoder.encodeLoop...
Enhancing Fuzz Testing Efficiency through Automated Fuzz Target Generation
Fuzzing continues to be the most effective method for identifying security vulnerabilities in software. In the context of fuzz testing, the fuzzer supplies varied inputs to fuzz targets, which are designed to comprehensively exercise critical sections of the client code. Various studies have...
OSV-2026-57 Heap-buffer-overflow in mkv::matroska_segment_c::TrackInit
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=475261418 Crash type: Heap-buffer-overflow READ 1 Crash state: mkv::matroska_segment_c::TrackInit mkv::matroska_segment_c::TrackInit mkv::matroska_segment_c::ParseTrackEntry...
OSV-2026-55 Use-of-uninitialized-value in vp9_quantize_fp_avx2
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=475583924 Crash type: Use-of-uninitialized-value Crash state: vp9_quantize_fp_avx2 block_yrd vp9_pick_inter_mode...
OSV-2026-53 Heap-use-after-free in graph::LigatureSubstFormat1::shrink
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=475607265 Crash type: Heap-use-after-free READ 8 Crash state: graph::LigatureSubstFormat1::shrink graph::LigatureSubstFormat1::splitcontextt::shrink hbvectort graph::actuatesubtablesplitgraph::LigatureSu...
OSV-2026-49 Heap-buffer-overflow in check_sync_pes
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=475305126 Crash type: Heap-buffer-overflow READ Crash state: check_sync_pes Demux demuxprocessstream...
OSV-2026-44 UNKNOWN READ in MP4_TrackSeek
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=475299914 Crash type: UNKNOWN READ Crash state: MP4_TrackSeek DemuxMoov Demux...
OSV-2026-30 Use-of-uninitialized-value in vp9_quantize_fp_avx2
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=474614578 Crash type: Use-of-uninitialized-value Crash state: vp9_quantize_fp_avx2 block_yrd vp9_pick_inter_mode...
OSV-2026-19 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=473884569 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr java.base/java.lang.String. org.antlr.v4.runtime.CodePointCharStream$CodePoint8BitCharStream.getText...
OSV-2026-4 UNKNOWN READ in rb_managed_id_table_lookup
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=472871119 Crash type: UNKNOWN READ Crash state: rb_managed_id_table_lookup vm_lookup_cc rb_vm_search_method_slowpath...
OSV-2026-2 Heap-buffer-overflow in cmt_mpack_consume_uint_tag
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=472785094 Crash type: Heap-buffer-overflow WRITE 8 Crash state: cmt_mpack_consume_uint_tag cmt_mpack_unpack_array cmt_mpack_unpack_map...
OSV-2025-1049 Heap-buffer-overflow in unsigned char* std::__1::vector<unsigned char, std::__1::allocator<unsigned char
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=472222304 Crash type: Heap-buffer-overflow READ 1 Crash state: unsigned char* std::__1::vector<unsigned char, std::__1::allocator<unsigned char pcpp::TLSECPointFormatExtension::getECPointFormatList...
OSV-2025-1039 UNKNOWN WRITE in fuzz_regexp
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=471926738 Crash type: UNKNOWN WRITE Crash state: fuzz_regexp...
OSV-2025-1018 Stack-buffer-overflow in lre_exec
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=471304472 Crash type: Stack-buffer-overflow READ 8 Crash state: lre_exec fuzz_regexp.c...
OSV-2025-1016 Use-of-uninitialized-value in js_create_function
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=471075808 Crash type: Use-of-uninitialized-value Crash state: js_create_function JS_EvalInternal JS_EvalObject...
OSV-2025-1001 Dynamic-stack-buffer-overflow in _ox_err_set_with_location
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=470447384 Crash type: Dynamic-stack-buffer-overflow READ 1 Crash state: _ox_err_set_with_location readtext readelement...
OSV-2025-994 Heap-buffer-overflow in rx_icmp
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=469520969 Crash type: Heap-buffer-overflow READ 1 Crash state: rx_icmp mg_tcpip_rx fuzz.c...
OSV-2025-989 Bad-cast to UT_hash_bucket' (aka 'struct UT_hash_bucket')password_file__cleanup
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=468922225 Crash type: Bad-cast Crash state: Bad-cast to UT_hash_bucket' (aka 'struct UT_hash_bucket')password_file__cleanup mosquitto_security_cleanup_default brokerfuzzpasswordfile.cpp...
OSV-2025-970 Heap-buffer-overflow in check_sync_pes
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=465802762 Crash type: Heap-buffer-overflow READ Crash state: check_sync_pes Demux demuxprocessstream...
OSV-2025-955 Use-of-uninitialized-value in decoder_context::construct_reference_picture_lists
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=464323256 Crash type: Use-of-uninitialized-value Crash state: decoder_context::construct_reference_picture_lists decoder_context::process_slice_segment_header decoder_context::read_slice_NAL...