OSV-2025-326 Heap-use-after-free in __JS_FreeValueRT
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=415361008 Crash type: Heap-use-after-free WRITE 8 Crash state: __JS_FreeValueRT JS_CallInternal JS_EvalFunctionInternal...
PT-2025-19746 · Git +1 · Libredwg
Name of the Vulnerable Software and Affected Versions: LibDWG affected versions not specified Description: The software is susceptible to an index-out-of-bounds issue. The crash occurs during the processing of entities within the dwg decode eed, dwg decode entity, and dwg decode ATTDEF private...
PT-2025-20244 · Git +1 · Quickjs
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: The software suffers from a heap-use-after-free WRITE 8 condition. The crash state involves the following functions: JS FreeValueRT, JS CallInternal, and JS...
OSV-2025-323 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=415382662 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr java.base/java.lang.StringLatin1.getChars java.base/java.lang.String.getChars...
OSV-2025-321 Use-of-uninitialized-value in JS_DefineProperty
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=415088961 Crash type: Use-of-uninitialized-value Crash state: JS_DefineProperty build_backtrace JS_CallInternal...
PT-2025-20242 · Git +1 · Quickjs
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: The issue involves a use-of-uninitialized-value crash occurring within the JS DefineProperty function, triggered through JS CallInternal and build backtrace...
PT-2025-31420 · Git · C-Blosc2
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=414856644 Crash type: Heap-buffer-overflow READ 1 Crash state: ZSTD_decompressMultiFrame ZSTD_decompressDCtx zstd_wrap_decompress...
Poster: Machine Learning for Vulnerability Detection As Target Oracle in Automated Fuzz Driver Generation
In vulnerability detection, machine learning has been used as an effective static analysis technique, although it suffers from a significant rate of false positives. Contextually, in vulnerability discovery, fuzzing has been used as an effective dynamic analysis technique, although it requires...
DEBIAN-CVE-2022-49769
In the Linux kernel, the following vulnerability has been resolved: gfs2: Check sb_bsize_shift after reading superblock Fuzzers like to scribble over sb_bsize_shift but in reality it's very unlikely that this field would be corrupted on its own. Nevertheless it should be checked to avoid the...
CVE-2025-37773
In the Linux kernel, the following vulnerability has been resolved: virtiofs: add filesystem context source name check In certain scenarios, for example, during fuzz testing, the source name may be NULL, which could lead to a kernel panic. Therefore, an extra check for the source name should be...
OSV-2025-300 Negative-size-param in recurse_update_offsets
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=413078692 Crash type: Negative-size-param Crash state: recurse_update_offsets match pcre2_match_8...
OSV-2025-298 Heap-buffer-overflow in i18n::phonenumbers::UnicodeText::const_iterator::operator--
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=413161357 Crash type: Heap-buffer-overflow READ 1 Crash state: i18n::phonenumbers::UnicodeText::const_iterator::operator-- i18n::phonenumbers::UnicodeString::tempSubString...
PT-2025-21904 · Git +1 · Pcre2
Name of the Vulnerable Software and Affected Versions: pcre2 affected versions not specified Description: The software is susceptible to a negative-size-param issue. The crash state involves the recurse update offsets and match functions, ultimately leading to a crash within the pcre2 match 8...
PT-2025-19366 · Git +1 · Poco
Name of the Vulnerable Software and Affected Versions: Poco, affected versions not specified Description: The software suffers from a use-of-uninitialized-value issue. This occurs within the Poco::Net::NTLMCredentials::parseChallengeMessage,...
OSV-2025-290 Heap-buffer-overflow in pcpp::TelnetLayer::toString
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=411460531 Crash type: Heap-buffer-overflow READ 1 Crash state: pcpp::TelnetLayer::toString pcpp::Packet::toStringList pcpp::Packet::toString...
OSV-2025-289 Stack-buffer-overflow in ot::Cli::Utils::OutputLine
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=411460530 Crash type: Stack-buffer-overflow READ Crash state: ot::Cli::Utils::OutputLine ot::Cli::Dns::HandleDnsRecordResponse ot::Dns::Client::FinalizeQuery...
PT-2025-19365 · Git +1 · Openthread
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: The software contains a stack-buffer-overflow read vulnerability. The crash state indicates the issue occurs within the Cli::Utils::OutputLine,...
OSV-2025-280 Heap-buffer-overflow in Assimp::SceneCombiner::CopyScene
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=410393968 Crash type: Heap-buffer-overflow READ Crash state: Assimp::SceneCombiner::CopyScene Assimp::Exporter::Export Assimp::Exporter::ExportToBlob...
OSV-2025-275 UNKNOWN READ in void std::__1::vector<unsigned char, std::__1::allocator<unsigned char>>::__cons
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=410115359 Crash type: UNKNOWN READ Crash state: void std::__1::vector<unsigned char, std::__1::allocator<unsigned char>>::__cons Poco::Net::NTLMCredentials::parseChallengeMessage Poco::Net::HTTPNTLMCredentials::createNTLMMessage...
OSV-2025-271 Use-of-uninitialized-value in luaS_new
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=409585559 Crash type: Use-of-uninitialized-value Crash state: luaS_new auxsetstr luaL_requiref...