OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-23 15:38:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add unsound mozjpeg (#1389)

Browse Source
This commit is contained in:
pinkforest(she/her)
2022-08-31 04:35:03 +10:00
committed by GitHub
parent f56c70041a
commit cc892a6a6f
1 changed files with 32 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
crates/mozjpeg/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,32 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "mozjpeg"
date = "2020-07-04"
keywords = ["type confusion"]
url = "https://github.com/ImageOptim/mozjpeg-rust/issues/10"
categories = ["memory-corruption"]
references = ["https://github.com/kornelski/rust-rgb/issues/35", "https://rustsec.org/advisories/RUSTSEC-2020-0029.html"]
informational = "unsound"
[affected]
functions = { "mozjpeg::DecompressScanlines::read_scanlines" = ["< 0.8.19"] }
[versions]
patched = [">= 0.8.19"]
```
# mozjpeg DecompressScanlines::read_scanlines is Unsound
This issue and vector is similar to [RUSTSEC-2020-0029] of `rgb` crate which `mozjpeg` depends on.
Affected versions of `mozjpeg` crate allow creating instances of any type `T` from bytes,
and do not correctly constrain `T` to the types for which it is safe to do so.
Examples of safety violation possible for a type `T`:
* `T` contains a reference type, and it constructs a pointer to an invalid, arbitrary memory address.
* `T` requires a safety and/or validity invariant for its construction that may be violated.
The issue was fixed in 0.8.19 by using safer types and involving `rgb` dependency bump.
[RUSTSEC-2020-0029]: https://rustsec.org/advisories/RUSTSEC-2020-0029.html