crates.io package
image
pkg:cargo/image
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-35916 | — | | | < 0.23.12 | 0.23.12 | Dec 31, 2020 | An issue was discovered in the image crate before 0.23.12 for Rust. A Mutable reference has immutable provenance. (In the case of LLVM, the IR may be always correct.) |
| CVE-2019-16138 | — | | | >= 0.10.2, < 0.21.3 | 0.21.3 | Sep 9, 2019 | An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution. |