RUSTSEC-2021-0038

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2021-0038

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2021-0038.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2021-0038

Aliases

Published

2021-03-06T12:00:00Z

Modified

2024-03-15T00:05:17.414684Z

Summary

Multiple memory safety issues

Details

Affected versions contain multiple memory safety issues, such as:

Setting a multi label type where an image doesn't exist would lead to a NULL pointer dereference.
Setting a window icon using a non-raster image (which FLTK rasterizes lazily) would lead to a NULL dereference.
Pixmap constructor would not check for correct pixmaps which could lead to out-of bound reads.

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / fltk

Package

Name: fltk; View open source insights on deps.dev
Purl: pkg:cargo/fltk

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-0

Fixed

0.15.3

Ecosystem specific

{
    "affects": {
        "arch": [],
        "os": [],
        "functions": [
            "fltk::image::Pixmap::new",
            "fltk::prelude::WidgetExt::set_label_type",
            "fltk::prelude::WindowExt::set_icon"
        ]
    },
    "affected_functions": null
}

Database specific

{
    "informational": null,
    "categories": [],
    "cvss": null
}