2509 matches found
CVE-2021-20176
A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability...
CVE-2021-20176
A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability...
DEBIAN-CVE-2021-20176
A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability...
CVE-2021-20176
A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability...
OESA-2021-1007 ImageMagick security update
Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...
CVE-2021-20176
A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability...
CVE-2021-20176
A divide-by-zero flaw was found in ImageMagick in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability...
RUSTSEC-2021-0051 KeyValueReader passes uninitialized memory to Read instance
The KeyValueReader type in affected versions of this crate set up an uninitialized memory buffer and passed them to be read in to a user-provided Read instance. The Read instance could read uninitialized memory and cause undefined behavior and miscompilations. This issue was fixed in commit dd59b...
KeyValueReader passes uninitialized memory to Read instance
The KeyValueReader type in affected versions of this crate set up an uninitialized memory buffer and passed them to be read in to a user-provided Read instance. The Read instance could read uninitialized memory and cause undefined behavior and miscompilations. This issue was fixed in commit dd59b...
`Read` on uninitialized buffer may cause UB (`impl Walue for Vec<u8>`)
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
RUSTSEC-2021-0014 Record::read : Custom `Read` on uninitialized buffer may cause UB
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Record::read Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized...
`IoReader::read()`: user-provided `Read` on uninitialized buffer may cause UB
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
RUSTSEC-2021-0016 `IoReader::read()`: user-provided `Read` on uninitialized buffer may cause UB
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
Deserialization functions pass uninitialized memory to user-provided Read
Affected versions of this crate passed an uninitialized buffer to a user-provided Read instance in: deserializebinary deserializestring deserializeextensionothers deserializestringprimitive This can result in safe Read implementations reading from the uninitialized buffer leading to undefined...
Record::read : Custom `Read` on uninitialized buffer may cause UB
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Record::read Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized...
RUSTSEC-2021-0092 Deserialization functions pass uninitialized memory to user-provided Read
Affected versions of this crate passed an uninitialized buffer to a user-provided Read instance in: deserializebinary deserializestring deserializeextensionothers deserializestringprimitive This can result in safe Read implementations reading from the uninitialized buffer leading to undefined...
RUSTSEC-2021-0013 Soundness issues in `raw-cpuid`
Undefined behavior in asstring methods VendorInfo::asstring, SoCVendorBrand::asstring, and ExtendedFunctionInfo::processorbrandstring construct byte slices using std::slice::fromrawparts, with data coming from reprRust structs. This is always undefined behavior. See...
RUSTSEC-2021-0089 Optional `Deserialize` implementations lacking validation
When activating the non-default feature serialize, most structs implement serde::Deserialize without sufficient validation. This allows breaking invariants in safe code, leading to: Undefined behavior in asstring methods which use std::str::fromutf8unchecked internally. Panics due to failed...
Optional `Deserialize` implementations lacking validation
When activating the non-default feature serialize, most structs implement serde::Deserialize without sufficient validation. This allows breaking invariants in safe code, leading to: Undefined behavior in asstring methods which use std::str::fromutf8unchecked internally. Panics due to failed...
Soundness issues in `raw-cpuid`
Undefined behavior in asstring methods VendorInfo::asstring, SoCVendorBrand::asstring, and ExtendedFunctionInfo::processorbrandstring construct byte slices using std::slice::fromrawparts, with data coming from reprRust structs. This is always undefined behavior. See...