GHSA-5qv7-j6w5-fr4m
Suggest an improvement- Source
- https://github.com/advisories/GHSA-5qv7-j6w5-fr4m
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-5qv7-j6w5-fr4m/GHSA-5qv7-j6w5-fr4m.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-5qv7-j6w5-fr4m
- Aliases
- Published
- 2026-05-07T03:03:48Z
- Modified
- 2026-05-07T09:11:25.320002639Z
- Severity
-
- 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- imageproc has fragile bounds check when sampling from image
- Details
-
A read of pixels was coded as modifying coordinates to lie within the image bounds. It would calculate a coordinate by adding a constant to an input and taking the minimum of the resulting coordinate and 'dimension - 1'. This would not protect against malicious inputs that could overflow the addition. Following the tricked bounds check, the image could then be sampled at multiple differently calculated coordinates that exceeded the bounds.
- Database specific
{ "nvd_published_at": null, "severity": "MODERATE", "github_reviewed_at": "2026-05-07T03:03:48Z", "cwe_ids": [ "CWE-190" ], "github_reviewed": true }- References
Affected packages
crates.io / imageproc
Package
- Name
- imageproc
- View open source insights on deps.dev
- Purl
- pkg:cargo/imageproc
crates.io / imageproc
Package
- Name
- imageproc
- View open source insights on deps.dev
- Purl
- pkg:cargo/imageproc
crates.io / imageproc
Package
- Name
- imageproc
- View open source insights on deps.dev
- Purl
- pkg:cargo/imageproc