vulns/libjxl/OSV-2022-725.yaml

id: OSV-2022-725
summary: Heap-buffer-overflow in jxl::N_EMU128::WriteToU8Stage::ProcessRow
details: |
  OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50295

  ```
  Crash type: Heap-buffer-overflow WRITE 1
  Crash state:
  jxl::N_EMU128::WriteToU8Stage::ProcessRow
  jxl::LowMemoryRenderPipeline::RenderRect
  jxl::LowMemoryRenderPipeline::ProcessBuffers
  ```
modified: '2024-03-08T14:12:05.531355Z'
published: '2022-08-18T00:01:05.918943Z'
references:
- type: REPORT
  url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50295
affected:
- package:
    name: libjxl
    ecosystem: OSS-Fuzz
    purl: pkg:generic/libjxl
  ranges:
  - type: GIT
    repo: https://github.com/libjxl/libjxl.git
    events:
    - introduced: a50e71631cabfbdd57d540ba080ecec19b4664af
  versions:
  - v0.8.0rc1
  - v0.8.0
  - v0.8.1
  - v0.9-snapshot
  - v0.8.2
  - v0.9.0
  - v0.9.1
  - v0.9.2
  - v0.10.0
  - v0.10-snapshot
  - v0.10.1
  - v0.10.2
  ecosystem_specific:
    severity: HIGH
schema_version: 1.2.0