CVE-2021-26952
CVE-2021-26952 affects the Rust crate ms3d prior to 0.1.3. The issue arises when IoReader::read processes data into an uninitialized buffer, allowing an attacker to obtain sensitive information from memory. The root cause is passing an uninitialized buffer to a user-provided Read implementation, ...