Описание
An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| rust-image | not-affected | package |
Примечания
https://rustsec.org/advisories/RUSTSEC-2019-0014.html
EPSS
Процентиль: 84%
0.02203
Низкий
Связанные уязвимости
CVSS3: 9.8
ubuntu
больше 6 лет назад
An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution.
CVSS3: 9.8
nvd
больше 6 лет назад
An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution.
EPSS
Процентиль: 84%
0.02203
Низкий