Reported

October 2, 2025

Issued

October 3, 2025

Package

wrflib (crates.io)

Type

INFO Unsound

Categories

• memory-corruption

References

• https://github.com/cruise-automation/webviz-rust-framework

Patched

no patched versions

Affected Functions

Version

wrflib::byte_extract::get_f32_le

• <=0.0.3

wrflib::byte_extract::get_f32_le_as_f32

• <=0.0.3

wrflib::byte_extract::get_f64_le

• <=0.0.3

wrflib::byte_extract::get_f64_le_as_f32

• <=0.0.3

wrflib::byte_extract::get_i16_le

• <=0.0.3

wrflib::byte_extract::get_i16_le_as_f32

• <=0.0.3

wrflib::byte_extract::get_i32_le

• <=0.0.3

wrflib::byte_extract::get_i32_le_as_f32

• <=0.0.3

wrflib::byte_extract::get_i64_le

• <=0.0.3

wrflib::byte_extract::get_i64_le_as_f32

• <=0.0.3

wrflib::byte_extract::get_i8_le

• <=0.0.3

wrflib::byte_extract::get_i8_le_as_f32

• <=0.0.3

wrflib::byte_extract::get_u16_le

• <=0.0.3

wrflib::byte_extract::get_u16_le_as_f32

• <=0.0.3

wrflib::byte_extract::get_u32_le

• <=0.0.3

wrflib::byte_extract::get_u32_le_as_f32

• <=0.0.3

wrflib::byte_extract::get_u64_le

• <=0.0.3

wrflib::byte_extract::get_u64_le_as_f32

• <=0.0.3

wrflib::byte_extract::get_u8_le

• <=0.0.3

wrflib::byte_extract::get_u8_le_as_f32

• <=0.0.3

Description

All functions under wrflib::byte_extract are simply wrapper of unsafe pointer offset and lacks sufficient checks to it pointer and offset parameter.

wrflib is unmaintained.

Advisory available under CC0-1.0 license.