GSA_kwCzR0hTQS05cTc4LTI3ZjMtMmptaM4ABLks

Moderate CVSS: 4.6

Permalink JSON

webp crate may expose memory contents when encoding an image

Affected Packages	Affected Versions	Fixed Versions
cargo:webp PURL: `pkg:cargo/webp`	< 0.3.1	0.3.1
27 Dependent packages 372 Dependent repositories 1,691,020 Downloads total Affected Version Ranges All affected versions 0.0.0, 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.2.7, 0.3.0 All unaffected versions 0.3.1

Affected versions of this crate did not check that the input slice passed to "webp::Encoder::encode() is large enough for the specified image dimensions.

If the input slice is too short, the library will read out of bounds of the buffer and encode other memory contents as an image, resulting in memory exposure or a segmentation fault.

The flaw was corrected in pull request #44 by always validating the input buffer size when constructing the encoder.

References:

Identifiers

GHSA-9q78-27f3-2jmh

Risk

Severity

Moderate

CVSS

CVSS Score: 4.6

CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/jaredforth/webp

Date and time

Published

8 days ago

Updated

8 days ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories