- Reported
-
- Issued
-
- Package
-
imageproc
(crates.io)
- Type
-
INFO
Unsound
- Categories
-
- Keywords
-
#out-of-bounds-read
#memory-safety
- Patched
-
>=0.23.1, <0.24.0>=0.24.1, <0.25.0>=0.25.1, <0.26.0>=0.26.2
- Affected Functions
- Version
imageproc::geometric_transformations::warp_into-
imageproc::geometric_transformations::warp_into_with-
Description
A bounds check was performed in floating points before a cast to the index
passed to an unchecked access function. This checked considered NaN cases
improperly, causing them to succeed the check instead of failing it. The
floating point coordinate is under caller control by passing a selected
projection matrix.
Carefully controlling the coordinates of an image with no data and one non-zero
dimension provides an arbitrary read primitive in the first 32-bits of address
space with a Bilinear sampling method.
Using bicubic sampling can result in a read of a few bytes beyond an allocation.
Other out-of-bounds reads may be possible.
Advisory available under CC0-1.0
license.