CVE-2019-16138

Published: 09 September 2019

An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package: rust-image (Launchpad, Ubuntu, Debian)

Release                           Status
Upstream                          Not vulnerable (debian: Fixed before initial upload)
Ubuntu 18.04 LTS (Bionic Beaver)  Does not exist
Ubuntu 16.04 LTS (Xenial Xerus)   Does not exist
Ubuntu 14.04 ESM (Trusty Tahr)    Does not exist