OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
b426bdf91ca4e84bb67d55d0ef21d4ddbd514503
advisory-db/crates/fltk/RUSTSEC-2021-0038.md
Yechan Bae cda5b3ffd4 Update CVE numbers (#828)
2021-03-19 14:21:58 -07:00

894 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2021-0038"
package = "fltk"
aliases = [
    "CVE-2021-28306",
    "CVE-2021-28307",
    "CVE-2021-28308",
]
date = "2021-03-06"
keywords = ["undefined_behavior"]
url = "https://github.com/MoAlyousef/fltk-rs/issues/519"

[affected.functions]
"fltk::prelude::WidgetExt::set_label_type" = ["< 0.15.2"]
"fltk::prelude::WindowExt::set_icon" = ["< 0.14.12"]
"fltk::image::Pixmap::new" = ["< 0.15.2, >= 0.14.12"]

[versions]
patched = [">= 0.15.3"]

Multiple memory safety issues

Affected versions contain multiple memory safety issues, such as:

  • Setting a multi label type where an image doesn't exist would lead to a NULL pointer dereference.
  • Setting a window icon using a non-raster image (which FLTK rasterizes lazily) would lead to a NULL dereference.
  • Pixmap constructor would not check for correct pixmaps which could lead to out-of bound reads.