CVE-2020-35916 – image

Package

Manager: cargo
Name: image
Vulnerable Version: >=0 <0.23.12

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00054 pctl0.16924

Details

Mutable reference with immutable provenance in image A mutable reference to a struct was constructed by dereferencing a pointer obtained from slice::as_ptr. Instead, slice::as_mut_ptr should have been called on the mutable slice argument. The former performs an implicit reborrow as an immutable shared reference which does not allow writing through the derived pointer.

Metadata

Created: 2021-08-25T20:49:54Z
Modified: 2023-06-13T18:17:31Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-9wgh-vjj7-7433/GHSA-9wgh-vjj7-7433.json
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-9wgh-vjj7-7433
Finding: F067
Auto approve: 1