rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add advisory for index error in mp3-metadata

Browse Source
This commit is contained in:
Zeyang Zhuang
2025-04-28 21:41:16 +08:00
committed by Dirkjan Ochtman
parent d63efe8c21
commit 93640644aa
1 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
crates/mp3-metadata/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,23 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "mp3-metadata"
date = "2025-04-28"
url = "https://github.com/GuillaumeGomez/mp3-metadata/issues/36"
informational = "unsound"
categories = ["denial-of-service"]
[affected]
functions = {"mp3_metadata::read_from_slice" = ["< 0.4.0"]}
[versions]
patched = ["0.4.0"]
```
# Panic in mp3-metadata due to the lack of bounds checking
The `get_id3()` methods used by `mp3_metadata::read_from_slice()` does not perform adequate bounds
checking when recreating the tag due to the use of desynchronization.
Fixed in [Fix index error](https://github.com/GuillaumeGomez/mp3-metadata/pull/37), released as
part of 0.4.0.