OSV-2026-91

Import Source

JSON Data

https://api.test.osv.dev/v1/vulns/OSV-2026-91

Published

2026-01-20T00:09:07.159786Z

Modified

2026-01-21T00:38:54.164301Z

Summary

Use-after-poison in compress.cc

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=476224483

Crash type: Use-after-poison READ 1
Crash state:
compress.cc
LLVMFuzzerRunDriver
self_destruct

References

Affected packages

Type: GIT
Repo: https://github.com/libjpeg-turbo/libjpeg-turbo
Events: Introduced

43b0c0536bde8d367f5031e7990228928650c5b3

Fixed

3eb879acf4ce1efb4750688e864af172d34a4e0a

{
    "severity": "HIGH"
}

introduced_range

"2ec437488f1606c123ef3bd2d807ed09fd578a70:afcfbb97d29977b80fef3e4b7dc15d27bbf60bea"

source

"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libjpeg-turbo/OSV-2026-91.yaml"

fixed_range

"afcfbb97d29977b80fef3e4b7dc15d27bbf60bea:3eb879acf4ce1efb4750688e864af172d34a4e0a"