This issue and vector is similar to [RUSTSEC-2020-0029] of rgb
crate which mozjpeg
depends on.
Affected versions of mozjpeg
crate allow creating instances of any type T
from bytes,
and do not correctly constrain T
to the types for which it is safe to do so.
Examples of safety violation possible for a type T
:
T
contains a reference type, and it constructs a pointer to an invalid, arbitrary memory address.T
requires a safety and/or validity invariant for its construction that may be violated.The issue was fixed in 0.8.19 by using safer types and involving rgb
dependency bump.
{ "nvd_published_at": null, "cwe_ids": [], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-09-16T21:03:43Z" }