Описание
An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution.
Ссылки
- PatchThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 0.10.2 (включая) до 0.21.3 (исключая)
cpe:2.3:a:image-rs:image:*:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02203
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-416
Связанные уязвимости
CVSS3: 9.8
ubuntu
больше 6 лет назад
An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution.
CVSS3: 9.8
debian
больше 6 лет назад
An issue was discovered in the image crate before 0.21.3 for Rust, aff ...
EPSS
Процентиль: 84%
0.02203
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-416