HistoryEditJSON (OSV)

RUSTSEC-2025-0027

Panic in mp3-metadata due to the lack of bounds checking

Reported
Issued
Package
mp3-metadata (crates.io)
Type
INFO Unsound
Categories
References
Patched
  • ^0.4.0
Affected Functions
Version
mp3_metadata::read_from_slice
  • <0.4.0

Description

The get_id3() methods used by mp3_metadata::read_from_slice() does not perform adequate bounds checking when recreating the tag due to the use of desynchronization.

Fixed in Fix index error, released as part of 0.4.0.

Advisory available under CC0-1.0 license.