File tree 1 file changed +32
-0
lines changed
1 file changed +32
-0
lines changed Original file line number Diff line number Diff line change 1+ ``` toml
2+ [advisory ]
3+ id = " RUSTSEC-0000-0000"
4+ package = " mozjpeg"
5+ date = " 2020-07-04"
6+ keywords = [" type confusion"
7+ url = " https://github.com/ImageOptim/mozjpeg-rust/issues/10"
8+ categories = [" memory-corruption"
9+ references = [" https://github.com/kornelski/rust-rgb/issues/35" " https://rustsec.org/advisories/RUSTSEC-2020-0029.html"
10+ informational = " unsound"
11+
12+ [affected ]
13+ functions = { "mozjpeg::DecompressScanlines::read_scanlines" = [" < 0.8.19"
14+
15+ [versions ]
16+ patched = [" >= 0.8.19"
17+ ```
18+ # mozjpeg DecompressScanlines::read_scanlines is Unsound
19+
20+ This issue and vector is similar to [ RUSTSEC-2020-0029] of ` rgb ` crate which ` mozjpeg ` depends on.
21+
22+ Affected versions of ` mozjpeg ` crate allow creating instances of any type ` T ` from bytes,
23+ and do not correctly constrain ` T ` to the types for which it is safe to do so.
24+
25+ Examples of safety violation possible for a type ` T ` :
26+
27+ * ` T ` contains a reference type, and it constructs a pointer to an invalid, arbitrary memory address.
28+ * ` T ` requires a safety and/or validity invariant for its construction that may be violated.
29+
30+ The issue was fixed in 0.8.19 by using safer types and involving ` rgb ` dependency bump.
31+
32+ [ RUSTSEC-2020-0029 ] : https://rustsec.org/advisories/RUSTSEC-2020-0029.html
You can’t perform that action at this time.
0 commit comments