GHSA-v7q4-97x4-4qw2

Опубликовано: 25 авг. 2021

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

Use of Uninitialized Resource in truetype

An issue was discovered in the truetype crate before 0.30.1 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation within Tape::take_bytes.

Ссылки

Пакеты

Наименование

truetype

rust

Затронутые версииВерсия исправления

< 0.30.1

0.30.1

EPSS

Процентиль: 51%

0.00285

Низкий

7.5 High

CVSS3

CVE ID

CVE-2021-28030

Дефекты

CWE-908

Связанные уязвимости

CVE-2021-28030

CVSS3: 7.5

nvd

почти 5 лет назад

An issue was discovered in the truetype crate before 0.30.1 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation within Tape::take_bytes.

EPSS

Процентиль: 51%

0.00285

Низкий

7.5 High

CVSS3

CVE ID

CVE-2021-28030

Дефекты

CWE-908