OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-23 15:38:27 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
2703251e71bb237f5f566a3ebb9962da54551dbb
advisory-db/crates/mozjpeg/RUSTSEC-2020-0165.md
github-actions[bot] cd616654ec Assigned RUSTSEC-2020-0165 to mozjpeg (#1396) 
Co-authored-by: pinkforest <pinkforest@users.noreply.github.com>
2022-08-31 04:35:26 +10:00

1.2 KiB
Raw Blame History 

[advisory]
id = "RUSTSEC-2020-0165"
package = "mozjpeg"
date = "2020-07-04"
keywords = ["type confusion"]
url = "https://github.com/ImageOptim/mozjpeg-rust/issues/10"
categories = ["memory-corruption"]
references = ["https://github.com/kornelski/rust-rgb/issues/35", "https://rustsec.org/advisories/RUSTSEC-2020-0029.html"]
informational = "unsound"

[affected]
functions = { "mozjpeg::DecompressScanlines::read_scanlines" = ["< 0.8.19"] }

[versions]
patched = [">= 0.8.19"]

mozjpeg DecompressScanlines::read_scanlines is Unsound

This issue and vector is similar to RUSTSEC-2020-0029 of rgb crate which mozjpeg depends on.

Affected versions of mozjpeg crate allow creating instances of any type T from bytes, and do not correctly constrain T to the types for which it is safe to do so.

Examples of safety violation possible for a type T:

  • T contains a reference type, and it constructs a pointer to an invalid, arbitrary memory address.
  • T requires a safety and/or validity invariant for its construction that may be violated.

The issue was fixed in 0.8.19 by using safer types and involving rgb dependency bump.