GHSA-v8gq-5grq-9728 mozjpeg

Package

Manager: cargo
Name: mozjpeg
Vulnerable Version: >=0 <0.8.19

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N

EPSS: N/A (percentile: N/A)

Details

mozjpeg DecompressScanlines::read_scanlines is Unsound

This issue and its vector are similar to [RUSTSEC-2020-0029] in the `rgb` crate, which `mozjpeg` depends on.

Affected versions of the `mozjpeg` crate allow creating instances of any type `T` from bytes, and do not correctly constrain `T` to the types for which it is safe to do so. Examples of safety violations possible for a type `T`:

* `T` contains a reference type, and it constructs a pointer to an invalid, arbitrary memory address.
* `T` requires a safety and/or validity invariant for its construction that may be violated.

The issue was fixed in 0.8.19 by using safer types and bumping the `rgb` dependency.

[RUSTSEC-2020-0029]: https://rustsec.org/advisories/RUSTSEC-2020-0029.html
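The unconstrained-`T` pattern described above, next to a version that bounds `T` with a plain-old-data marker trait, as an added Rust illustration that is not mozjpeg's or rgb's own code; `read_scanlines_unsound`, `read_scanlines_checked` and the local `Pod` trait are hypothetical names, and the scanline bytes are a constructed sample:

```rust
use std::mem::{align_of, size_of};

/// Unsound pattern: reinterprets raw scanline bytes as whatever `T` the
/// caller picks. Nothing stops `T` from being a reference, a `bool`, an
/// enum, or any type with a validity invariant, so a safe-looking `pub fn`
/// can hand out invalid values (the class of bug the advisory describes).
pub fn read_scanlines_unsound<T: Clone>(bytes: &[u8]) -> Vec<T> {
    let n = bytes.len() / size_of::<T>(); // also panics for zero-sized T
    // SAFETY: none. `T` is unconstrained; this is the defect.
    unsafe { std::slice::from_raw_parts(bytes.as_ptr() as *const T, n).to_vec() }
}

/// Marker for "plain old data": every bit pattern is a valid `T`, with no
/// padding and no pointers. Implementing it is `unsafe` because the
/// implementer vouches for those properties. (A local stand-in for the
/// `Pod` idea used by crates such as `bytemuck`.)
pub unsafe trait Pod: Copy {}
unsafe impl Pod for u8 {}
unsafe impl Pod for [u8; 3] {} // an RGB8 pixel
unsafe impl Pod for [u8; 4] {} // an RGBA8 pixel

/// Hardened version: only `Pod` types can be produced, and a trailing
/// partial element or a misaligned buffer is refused, not silently truncated.
pub fn read_scanlines_checked<T: Pod>(bytes: &[u8]) -> Option<Vec<T>> {
    let sz = size_of::<T>();
    if sz == 0 || bytes.len() % sz != 0 || bytes.as_ptr() as usize % align_of::<T>() != 0 {
        return None;
    }
    let n = bytes.len() / sz;
    // SAFETY: `T: Pod` means every bit pattern is valid; length and
    // alignment were checked above; the slice only borrows `bytes`.
    Some(unsafe { std::slice::from_raw_parts(bytes.as_ptr() as *const T, n) }.to_vec())
}

fn main() {
    // Constructed sample: one two-pixel RGB8 scanline.
    let scanline: [u8; 6] = [255, 0, 0, 0, 255, 0];
    let px = read_scanlines_checked::<[u8; 3]>(&scanline).unwrap();
    println!("{:?}", px); // [[255, 0, 0], [0, 255, 0]]
    // `read_scanlines_checked::<&u32>(&scanline)` does not compile:
    // the bound `&u32: Pod` is not satisfied, so the reference case is
    // rejected at compile time instead of producing a dangling pointer.
}
```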

Metadata

Created: 2022-09-16T21:03:43Z
Modified: 2022-09-16T21:03:43Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-v8gq-5grq-9728/GHSA-v8gq-5grq-9728.json
CWE IDs: []
Alternative ID: N/A
Finding: F113
Auto approve: 1