OSV-2023-1177 Heap-buffer-overflow in Gfx::ICC::TextDescriptionTagData::from_bytes

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64219 Crash type: Heap-buffer-overflow READ 1 Crash state: Gfx::ICC::TextDescriptionTagData::frombytes Gfx::ICC::Profile::tryloadfromexternallyownedmemory FuzzICCProfile.cpp...

Unexpected panic in multihash

In versions prior 0.11.3 it's possible to make fromslice panic by feeding it certain malformed input. It's never documented that fromslice and frombytes which wraps it can panic, and its' return type Result suggests otherwise. In practice, fromslice/frombytes is frequently used in networking code...

RUSTSEC-2020-0068 Unexpected panic in multihash `from_slice` parsing code

In versions prior 0.11.3 it's possible to make fromslice panic by feeding it certain malformed input. It's never documented that fromslice and frombytes which wraps it can panic, and its' return type Result suggests otherwise. In practice, fromslice/frombytes is frequently used in networking code...