VYPR
Critical severityNVD Advisory· Published Sep 9, 2019· Updated Aug 5, 2024

CVE-2019-16138

CVE-2019-16138

Description

An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
imagecrates.io
>= 0.10.2, < 0.21.30.21.3

Affected products

2
  • Rust/image cratedescription
  • ghsa-coords
    Range: >= 0.10.2, < 0.21.3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.