CVE-2020-35916 — Uncontrolled Resource Consumption in Image

CWE-400 — Uncontrolled Resource Consumption6 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 83.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Image-rs Image Golang Image Debian Rust-image

Timeline

PublishedDec 31

Latest updateAug 25

Description

An issue was discovered in the image crate before 0.23.12 for Rust. A Mutable reference has immutable provenance. (In the case of LLVM, the IR may be always correct.)

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/rust-image< rust-image 0.23.14-1 (bookworm)

▶crates.iogolang/image0.0.0-0 — 0.23.12+1

▶NVDimage-rs/image< 0.23.12

🔴Vulnerability Details

OSV

Mutable reference with immutable provenance in image↗2021-08-25

▶

GHSA

Mutable reference with immutable provenance in image↗2021-08-25

▶

OSV

CVE-2020-35916: An issue was discovered in the image crate before 0↗2020-12-31

▶

OSV

Mutable reference with immutable provenance↗2020-11-12

▶

📋Vendor Advisories

Debian

CVE-2020-35916: rust-image - An issue was discovered in the image crate before 0.23.12 for Rust. A Mutable re...↗2020

▶