GHSA-v7q4-97x4-4qw2

Source

https://github.com/advisories/GHSA-v7q4-97x4-4qw2

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-v7q4-97x4-4qw2/GHSA-v7q4-97x4-4qw2.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-v7q4-97x4-4qw2

Aliases

CVE-2021-28030
RUSTSEC-2021-0029

Published

2021-08-25T20:51:58Z

Modified

2023-11-08T04:05:27.666883Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Use of Uninitialized Resource in truetype

Details

An issue was discovered in the truetype crate before 0.30.1 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation within Tape::take_bytes.

Database specific

{
    "nvd_published_at": null,
    "github_reviewed_at": "2021-08-19T17:22:46Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-908"
    ]
}

References

Affected packages

crates.io / truetype

Package

Name: truetype; View open source insights on deps.dev
Purl: pkg:cargo/truetype

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.30.1