RUSTSEC-2021-0007

Frame::copy_from_raw_parts can lead to segfault without unsafe

Issued
Package
av-data (crates.io)
Type
Vulnerability
Categories
  • memory-exposure
  • privilege-escalation
Aliases
Details
https://github.com/rust-av/rust-av/issues/136
Patched
  • >=0.3.0

Description

fn Frame::copy_from_raw_parts() is a safe API that can take a raw pointer and dereference it. It is possible to read arbitrary memory address with an arbitrarily fed pointer. This allows the safe API to access & read arbitrary address in memory. Feeding an invalid memory address pointer to the API may also cause the program to segfault.

The flaw was corrected in https://github.com/rust-av/rust-av/pull/137, by removing the API fn Frame::copy_from_raw_parts().

More