RUSTSEC-2025-0027
Panic in mp3-metadata due to the lack of bounds checking
- Reported
- Issued
- Package: mp3-metadata (crates.io)
- Type: INFO Unsound
- Categories
- References
- Patched: >=0.4.0
- Affected Functions: mp3_metadata::read_from_slice (Version <0.4.0)
Description
The get_id3() methods used by mp3_metadata::read_from_slice() do not perform adequate bounds checking when recreating the tag due to the use of desynchronization.
Fixed in "Fix index error", released as part of 0.4.0.
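The following is an added example, not code from mp3-metadata or its fix: a bounds-checked way to rebuild an ID3v2 tag body, returning None instead of panicking when the header declares more bytes than the slice holds. It assumes the "desynchronization" above refers to ID3v2 unsynchronisation (0xFF 0x00 stored in place of 0xFF); the function names and sample bytes are constructed for illustration.

```rust
/// Decode a syncsafe integer (4 bytes, 7 significant bits each).
fn syncsafe(b: &[u8]) -> Option<usize> {
    if b.len() != 4 || b.iter().any(|x| x & 0x80 != 0) {
        return None;
    }
    Some(b.iter().fold(0usize, |acc, &x| (acc << 7) | x as usize))
}

/// Return the ID3v2 tag body with unsynchronisation reversed
/// (every 0xFF 0x00 pair becomes 0xFF), or None if the input is
/// malformed or shorter than the size its header declares.
pub fn read_tag_body(buf: &[u8]) -> Option<Vec<u8>> {
    let header = buf.get(..10)?; // checked: never index past the slice
    if &header[..3] != b"ID3" {
        return None;
    }
    let unsync = header[5] & 0x80 != 0; // flags byte, bit 7
    let size = syncsafe(&header[6..10])?;
    let end = 10usize.checked_add(size)?;
    let body = buf.get(10..end)?; // the declared size is untrusted input
    if !unsync {
        return Some(body.to_vec());
    }
    let mut out = Vec::with_capacity(body.len());
    let mut i = 0;
    while i < body.len() {
        out.push(body[i]);
        // Skip the stuffed 0x00 only if it is really there.
        if body[i] == 0xFF && body.get(i + 1) == Some(&0x00) {
            i += 1;
        }
        i += 1;
    }
    Some(out)
}

fn main() {
    // Constructed input: unsync flag set, declared size 4, body FF 00 E0 41.
    let ok = [b'I', b'D', b'3', 3, 0, 0x80, 0, 0, 0, 4, 0xFF, 0x00, 0xE0, 0x41];
    assert_eq!(read_tag_body(&ok), Some(vec![0xFF, 0xE0, 0x41]));
    // Constructed input: header claims 100 bytes but only 2 follow.
    let short = [b'I', b'D', b'3', 3, 0, 0x80, 0, 0, 0, 100, 0xFF, 0x00];
    assert_eq!(read_tag_body(&short), None);
}
```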
Advisory available under CC0-1.0 license.