osv-2026-605
Vulnerability from osv_ossfuzz
Published
2026-04-21 00:16
Modified
2026-04-30 14:32
Summary
Heap-buffer-overflow in DwaCompressor_uncompress
Details
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=504280155
Crash type: Heap-buffer-overflow WRITE {*}
Crash state:
DwaCompressor_uncompress
internal_exr_undo_dwaa
exr_uncompress_chunk
References
| URL | Type | |
|---|---|---|
{
"affected": [
{
"database_specific": {
"fixed_range": "0592ee539f33c122c90f09238579b902d838afb4:ca2e5137d2e625bd050234df55171f8763c99a13"
},
"ecosystem_specific": {
"severity": "HIGH"
},
"package": {
"ecosystem": "OSS-Fuzz",
"name": "openexr",
"purl": "pkg:generic/openexr"
},
"ranges": [
{
"events": [
{
"introduced": "39b9d241cdcd4c95b7916992b8872d2620f9ac7a"
},
{
"fixed": "ca2e5137d2e625bd050234df55171f8763c99a13"
},
{
"introduced": "d948c6729c30cf15eaade9903ca0186d56a22d41"
},
{
"fixed": "e56ec0701252841ab4c71271e7cc7101e568b8d6"
}
],
"repo": "https://github.com/AcademySoftwareFoundation/openexr",
"type": "GIT"
}
],
"versions": [
"v3.3.10",
"v3.3.10-rc",
"v3.3.10-rc2",
"v3.3.4",
"v3.3.4-rc",
"v3.3.5",
"v3.3.5-rc",
"v3.3.5-rc3",
"v3.3.6",
"v3.3.6-rc",
"v3.3.6-rc2",
"v3.3.6-rc3",
"v3.3.6-rc4",
"v3.3.7",
"v3.3.7-rc",
"v3.3.7-rc2",
"v3.3.7-rc3",
"v3.3.7-rc4",
"v3.3.8",
"v3.3.8-rc",
"v3.3.9",
"v3.3.9-rc",
"v3.3.9-rc2",
"v3.4-alpha",
"v3.4.0",
"v3.4.0-rc",
"v3.4.1",
"v3.4.1-rc",
"v3.4.1-rc2",
"v3.4.10",
"v3.4.10-rc",
"v3.4.2",
"v3.4.2-rc",
"v3.4.2-rc2",
"v3.4.3",
"v3.4.3-rc",
"v3.4.3-rc2",
"v3.4.3-rc3",
"v3.4.4",
"v3.4.4-rc",
"v3.4.4-rc2",
"v3.4.5",
"v3.4.5-rc",
"v3.4.6",
"v3.4.6-rc",
"v3.4.7",
"v3.4.7-rc",
"v3.4.8",
"v3.4.8-rc",
"v3.4.9",
"v3.4.9-rc",
"v3.3.11-rc3",
"v3.4.11-rc",
"v3.4.11-rc2",
"v3.3.11"
]
}
],
"details": "OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=504280155\n\n```\nCrash type: Heap-buffer-overflow WRITE {*}\nCrash state:\nDwaCompressor_uncompress\ninternal_exr_undo_dwaa\nexr_uncompress_chunk\n```\n",
"id": "OSV-2026-605",
"modified": "2026-04-30T14:32:28.224899Z",
"published": "2026-04-21T00:16:42.288653Z",
"references": [
{
"type": "REPORT",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=504280155"
}
],
"schema_version": "1.7.5",
"summary": "Heap-buffer-overflow in DwaCompressor_uncompress"
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…