osv-2026-987
Vulnerability from osv_ossfuzz
Published
2026-06-28 00:11
Modified
2026-06-30 17:41
Summary
Index-out-of-bounds in print_insn_tic6x
Details
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=528509499
Crash type: Index-out-of-bounds
Crash state:
print_insn_tic6x
disassemble_section
bfd_map_over_sections
{
"affected": [
{
"database_specific": {
"fixed_range": "11f57b156514211af29b93588c0fee2f8b3e66e4:7e5ab72bd1d8fd5fa532bae67208e85ec4412230",
"introduced_range": "80f2ae843a3c0968b34db51e4bb62a4610fa685d:db856d41004301b3a56438efd957ef5cabb91530"
},
"ecosystem_specific": {
"severity": "MEDIUM"
},
"package": {
"ecosystem": "OSS-Fuzz",
"name": "binutils",
"purl": "pkg:generic/binutils"
},
"ranges": [
{
"events": [
{
"introduced": "e814012b2b108743e21b7ef2799310a0f4e0a86d"
},
{
"fixed": "7e5ab72bd1d8fd5fa532bae67208e85ec4412230"
},
{
"introduced": "9542d1b3a05477c415d870b7b652cdde75a5c8ea"
}
],
"repo": "git://sourceware.org/git/binutils-gdb.git",
"type": "GIT"
}
],
"versions": [
"binutils-2_44",
"binutils-2_45",
"binutils-2_45_1",
"binutils-2_46",
"binutils-2_46_1",
"gdb-15.2-release",
"gdb-16-branchpoint",
"gdb-16.1-release",
"gdb-16.2-release",
"gdb-16.3-release",
"gdb-17-branchpoint",
"gdb-17.1-release",
"gdb-17.2-release"
]
}
],
"details": "OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=528509499\n\n```\nCrash type: Index-out-of-bounds\nCrash state:\nprint_insn_tic6x\ndisassemble_section\nbfd_map_over_sections\n```\n",
"id": "OSV-2026-987",
"modified": "2026-06-30T17:41:55.689855Z",
"published": "2026-06-28T00:11:41.291924Z",
"references": [
{
"type": "REPORT",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=528509499"
}
],
"schema_version": "1.7.5",
"summary": "Index-out-of-bounds in print_insn_tic6x"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…