9526 matches found
GHSA-3H87-V52R-P9RG Out of bounds write in reorder
swap_index takes an iterator and swaps the items with their corresponding indexes. It reserves capacity and sets the length of the vector based on the .len method of the iterator. If the len returned by the iterator is larger than the actual number of elements yielded, then swap_index creates a...
GHSA-VPW8-43WM-RXW5 Double free in endian_trait
An issue was discovered in the endian_trait crate through 2021-01-04 for Rust. A double drop can occur when a user-provided Endian impl panics...
Uncontrolled Resource Consumption in parse_duration
An issue was discovered in the parse_duration crate through 2021-03-18 for Rust. It allows attackers to cause a denial of service (CPU and memory consumption) via a duration string with a large exponent...
Out of bounds read in fltk
An issue was discovered in the fltk crate before 0.15.3 for Rust. There is an out-of-bounds read because the pixmap constructor lacks pixmap input validation...
GHSA-VJMG-PC8H-P6P8 Out of bounds read in fltk
An issue was discovered in the fltk crate before 0.15.3 for Rust. There is an out-of-bounds read because the pixmap constructor lacks pixmap input validation...
Null pointer dereference in fltk
An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a multi label type if the image is nonexistent...
Null pointer dereference in fltk
An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a non-raster image for a window icon...
booklibrs (>=0.1.0 <=1.1.6), boostvoronoi (>=0.4.2 <=0.6.0) +8 more potentially affected by CVE-2021-28306 +2 more via fltk (>=0.13.15 <=0.15.15)
fltk CARGO version =0.13.15, =0.1.0, =0.4.2, =0.3.1, =0.2.0, =0.1.0, =0.1.9, =0.1.0, =0.0.5, =0.1.1, =0.9.0, =0.9.15 Source cves: CVE-2021-28306, CVE-2021-28307, CVE-2021-28308 Source advisory: OSV:GHSA-7QCC-G2M9-8533...
GHSA-7QCC-G2M9-8533 Null pointer dereference in fltk
An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereference during attempted use of a non-raster image for a window icon...
Arbitrary return types in xcb
The function xcb::xproto::GetPropertyReply::value returns a slice of type T where T is an unconstrained type parameter. The raw bytes received from the X11 server are interpreted as the requested type. The users of the xcb crate are advised to only call this function with the intended types. Thes...
GHSA-MP6R-FGW2-RXFX Arbitrary return types in xcb
The function xcb::xproto::GetPropertyReply::value returns a slice of type T where T is an unconstrained type parameter. The raw bytes received from the X11 server are interpreted as the requested type. The users of the xcb crate are advised to only call this function with the intended types. Thes...
financ (>=0.1.0 <=0.3.0), fitparser (>=0.1.0 <=0.5.1) +14 more potentially affected by CVE-2021-26951 via calamine (>=0.11.8 <=0.16.2)
calamine CARGO version =0.11.8, =0.1.0, =0.1.0, =1.0.0, =0.2.0, =0.15.0, =0.11.0, =0.16.0, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.0.1, =0.0.2 and more Source cves: CVE-2021-26951 Source advisory: OSV:GHSA-PPQP-78XX-3R38...
Out of bounds write in calamine
An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::set_len is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get...
GHSA-PPQP-78XX-3R38 Out of bounds write in calamine
An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::set_len is used without proper memory claiming, and this uninitialized memory is used for a user-provided Read operation, as demonstrated by Sectors::get...
AsgoreCore (>=0.1.0 <=0.1.2), RustyBox (=0.1.0) +425 more potentially affected by CVE-2021-26955 +3 more via xcb (>=0.10.1 <=0.9.0)
xcb CARGO version =0.10.1, =0.1.0, =0.1.0, =0.4.0, =0.1.0, =1.0.9, =0.6.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.3.0 and more Source cves: CVE-2021-26955, CVE-2021-26956, CVE-2021-26957, CVE-2021-26958 Source advisory: OSV:GHSA-3288-CWGW-CH86...
GHSA-3288-CWGW-CH86 Unchecked Return Value in xcb
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because xcb::xproto::GetAtomNameReply::name calls std::str::from_utf8_unchecked on unvalidated bytes from an X server...
Out of bounds read in xcb
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because there is an out-of-bounds read in xcb::xproto::change_property, as demonstrated by a format=32 T=u8 situation where out-of-bounds bytes are sent to an X server...
GHSA-2XPG-3HX4-FM9R Out of bounds read in xcb
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because there is an out-of-bounds read in xcb::xproto::change_property, as demonstrated by a format=32 T=u8 situation where out-of-bounds bytes are sent to an X server...
Unchecked Return Value in xcb
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::cast_event uses std::mem::transmute to return a reference to an arbitrary type...
GHSA-3CJ3-JRRP-9RXF Unchecked Return Value in xcb
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::cast_event uses std::mem::transmute to return a reference to an arbitrary type...