
mozjpeg DecompressScanlines::read_scanlines is Unsound

High severity GitHub Reviewed Published Sep 16, 2022 to the GitHub Advisory Database • Updated Jan 11, 2023

Package

cargo mozjpeg (Rust)

Affected versions

< 0.8.19

Patched versions

0.8.19

Description

This issue and its vector are similar to RUSTSEC-2020-0029 in the rgb crate, which mozjpeg depends on.

Affected versions of the mozjpeg crate allow creating instances of any type T from bytes,
and do not correctly constrain T to the types for which it is safe to do so.

Examples of safety violation possible for a type T:

  • T contains a reference type, and it constructs a pointer to an invalid, arbitrary memory address.
  • T requires a safety and/or validity invariant for its construction that may be violated.

The issue was fixed in 0.8.19 by using safer types; the fix involved an rgb dependency bump.
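
The bug class described above, next to a constrained form, as an added example (not mozjpeg's or rgb's code). The names `pixels_unconstrained`, `PlainPixel`, `CastError` and `pixels_checked` are assumptions made for illustration, and the scanline bytes are constructed.

```rust
use std::mem::{align_of, size_of};

// Bug class (hypothetical signature, not mozjpeg's code): a safe function that
// conjures any `T` from decoder bytes. `T = bool`, `&u8` or `NonZeroU8` can then
// hold an invalid value, which is undefined behaviour. Shown for contrast only.
#[allow(dead_code)]
fn pixels_unconstrained<T: Copy>(buf: &[u8]) -> Vec<T> {
    let sz = size_of::<T>();
    (0..buf.len() / sz)
        .map(|i| unsafe { buf.as_ptr().add(i * sz).cast::<T>().read_unaligned() })
        .collect()
}

/// Marker (assumed name) for types in which every bit pattern is a valid value.
/// # Safety
/// Implementors must contain no references, padding, or niche values.
pub unsafe trait PlainPixel: Copy + 'static {}
unsafe impl PlainPixel for u8 {}
unsafe impl PlainPixel for u16 {}
unsafe impl PlainPixel for [u8; 3] {}
unsafe impl PlainPixel for [u8; 4] {}

#[derive(Debug, PartialEq)]
pub enum CastError { ZeroSized, Length, Alignment }

/// Hardened form: only `PlainPixel` types, with size and alignment validated.
pub fn pixels_checked<T: PlainPixel>(buf: &[u8]) -> Result<&[T], CastError> {
    let sz = size_of::<T>();
    if sz == 0 { return Err(CastError::ZeroSized); }
    if buf.len() % sz != 0 { return Err(CastError::Length); }
    if buf.as_ptr() as usize % align_of::<T>() != 0 { return Err(CastError::Alignment); }
    // SAFETY: any bytes form a valid T (PlainPixel); length and alignment checked.
    Ok(unsafe { std::slice::from_raw_parts(buf.as_ptr().cast::<T>(), buf.len() / sz) })
}

fn main() {
    let scanline = [255u8, 0, 0, 0, 255, 0]; // constructed sample: two RGB pixels
    println!("{:?}", pixels_checked::<[u8; 3]>(&scanline));
    println!("{:?}", pixels_checked::<[u8; 3]>(&scanline[..5]));
    // pixels_checked::<bool>(&scanline) is rejected at compile time:
    // `bool` does not implement `PlainPixel`.
}
```

The trait bound moves the safety decision from every caller to the few `unsafe impl` lines, which are the only places a reviewer has to audit.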

References

Published to the GitHub Advisory Database Sep 16, 2022
Reviewed Sep 16, 2022
Last updated Jan 11, 2023

Severity

High

EPSS score

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-v8gq-5grq-9728