CVE-2020-35916: Mutable reference with immutable provenance in image

August 25, 2021 (updated June 13, 2023)

A mutable reference to a struct was constructed by dereferencing a pointer obtained from slice::as_ptr. Instead, slice::as_mut_ptr should have been called on the mutable slice argument. The former performs an implicit reborrow as an immutable shared reference which does not allow writing through the derived pointer.

References

github.com/advisories/GHSA-9wgh-vjj7-7433
github.com/image-rs/image
github.com/image-rs/image/commit/5cbe1e6767d11aff3f14c7ad69a06b04e8d583c7
github.com/image-rs/image/issues/1357
github.com/image-rs/image/pull/1358
nvd.nist.gov/vuln/detail/CVE-2020-35916
rustsec.org/advisories/RUSTSEC-2020-0073.html

Code Behaviors & Features

Detect and mitigate CVE-2020-35916 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →