6505 matches found
OSV-2024-1380 Index-out-of-bounds in ndpi_search_dns
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=383911300 Crash type: Index-out-of-bounds Crash state: ndpisearchdns searchdnsagain ndpidetectionprocesspacket...
OSV-2024-1375 Index-out-of-bounds in dwg_decode_eed
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=383814052 Crash type: Index-out-of-bounds Crash state: dwgdecodeeed dwgdecodeentity dwgdecodeRAYprivate...
PT-2024-41104 · Git +1 · Libredwg
Name of the Vulnerable Software and Affected Versions: Libdwg (affected versions not specified). Description: The software contains an index-out-of-bounds issue discovered by OSS-Fuzz. The crash occurs within the dwg decode eed, dwg decode entity, and dwg decode RAY private functions. Recommendation...
OSV-2024-1372 Bad-cast to Assimp::LogStream from Assimp::OptimizeMeshesProcess
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=383595860 Crash type: Bad-cast Crash state: Bad-cast to Assimp::LogStream from Assimp::OptimizeMeshesProcess CallbackToLogRedirector Assimp::DefaultLogger::WriteToStreams...
OSV-2024-1356 Heap-buffer-overflow in ChunkAssignData
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=382816119 Crash type: Heap-buffer-overflow READ 1 Crash state: ChunkAssignData WebPMuxCreateInternal MuxDemuxApiTest...
OSV-2024-1355 UNKNOWN READ in glslang::TInfoSinkBase::location
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=382922237 Crash type: UNKNOWN READ Crash state: glslang::TInfoSinkBase::location glslang::TParseContextBase::outputMessage glslang::TParseContextBase::error...
OSV-2024-1351 Use-of-uninitialized-value in Archive::UnexpEndArcMsg
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=382526743 Crash type: Use-of-uninitialized-value Crash state: Archive::UnexpEndArcMsg Archive::ReadHeader50 Archive::ReadHeader...
OSV-2024-1348 Heap-buffer-overflow in glslang::HlslGrammar::acceptDeclaration
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=382721848 Crash type: Heap-buffer-overflow READ 1 Crash state: glslang::HlslGrammar::acceptDeclaration glslang::HlslGrammar::acceptCompilationUnit glslang::HlslParseContext::parseShaderStrings...
OSV-2024-1346 UNKNOWN READ in glslang::HlslTokenStream::advanceToken
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=382547706 Crash type: UNKNOWN READ Crash state: glslang::HlslTokenStream::advanceToken glslang::HlslGrammar::acceptLiteral glslang::HlslGrammar::acceptPostfixExpression...
OSV-2024-1336 Security exception in org.checkerframework.checker.formatter.util.FormatUtil.formatParameterCategories
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=380409697 Crash type: Security exception Crash state: org.checkerframework.checker.formatter.util.FormatUtil.formatParameterCategories UtilCheckerFuzzer.fuzzChecker UtilCheckerFuzzer.fuzzerTestOneInput...
DEBIAN-CVE-2024-53429
Open62541 v1.4.6 has an assertion failure in fuzzbinarydecode, which leads to a crash...
UBUNTU-CVE-2024-53429
Open62541 v1.4.6 has an assertion failure in fuzzbinarydecode, which leads to a crash...
Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects
Google has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic library. "These particular vulnerabilities represent a milestone for automated...
OSV-2024-1332 Negative-size-param in extract_mr_data
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=379768247 Crash type: Negative-size-param Crash state: extractmrdata parsemrstring readstatparsesav...
Open62541 Security Vulnerability
Open62541 is an open source implementation of OPC UA (OPC Unified Architecture) by Open62541 Open Source. A security vulnerability exists in Open62541 version 1.4.6, which stems from an assertion failure in fuzzbinarydecode that causes a crash...
CVE-2024-53429
Open62541 v1.4.6 has an assertion failure in fuzzbinarydecode, which leads to a crash...
OSV-2024-1326 Heap-buffer-overflow in ndpi_search_mikrotik
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=379180960 Crash type: Heap-buffer-overflow READ 16 Crash state: ndpisearchmikrotik checkndpidetectionfunc ndpidetectionprocesspacket...
OSV-2024-1322 Security exception in com.alibaba.fastjson2.JSONReader.readObject
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=379180973 Crash type: Security exception Crash state: com.alibaba.fastjson2.JSONReader.readObject java.base/java.nio.charset.CharsetEncoder.replaceWith java.base/java.nio.charset.CharsetEncoder...
OSV-2024-1320 Heap-buffer-overflow in process_page_
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=379254072 Crash type: Heap-buffer-overflow READ 4 Crash state: processpage FLACoggdecoderaspectskiplink FLACstreamdecoderseekabsolute...
OSV-2024-1313 Security exception in org.apache.commons.codec.language.bm.Rule$Phoneme.<init>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=379008019 Crash type: Security exception Crash state: org.apache.commons.codec.language.bm.Rule$Phoneme. org.apache.commons.codec.language.bm.Rule$Phoneme. org.apache.commons.codec.language.bm.PhoneticEngine$PhonemeBuilder.app...