The blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on untrusted input.
In a typical deployment, this may get triggered by feeding a maliciously crafted blurhashes over the network. These may include: - UTF-8 compliant strings containing multi-byte UTF-8 characters
The patches were released under version 0.2.0, which may require user intervention because of slight API churn.
{ "license": "CC0-1.0" }