CVE-2021-43620

CVE-2021-43620 affects the fruity crate (up to 0.2.0) for Rust. The issue stems from security-relevant validation of filename extensions and the use of NSString-to-string conversion that may return partial results. Specifically, the code can call CStr::from_ptr on a pointer to the string buffer, ...