Vulnerability Details CVE-2019-16138
An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 83.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2019-16138
-
cpe:2.3:a:image-rs:image:0.10.2
-
cpe:2.3:a:image-rs:image:0.10.3
-
cpe:2.3:a:image-rs:image:0.10.4
-
cpe:2.3:a:image-rs:image:0.11.0
-
cpe:2.3:a:image-rs:image:0.11.1
-
cpe:2.3:a:image-rs:image:0.12.0
-
cpe:2.3:a:image-rs:image:0.12.1
-
cpe:2.3:a:image-rs:image:0.12.2
-
cpe:2.3:a:image-rs:image:0.12.3
-
cpe:2.3:a:image-rs:image:0.12.4
-
cpe:2.3:a:image-rs:image:0.13.0
-
cpe:2.3:a:image-rs:image:0.14.0
-
cpe:2.3:a:image-rs:image:0.15.0
-
cpe:2.3:a:image-rs:image:0.16.0
-
cpe:2.3:a:image-rs:image:0.17.0
-
cpe:2.3:a:image-rs:image:0.18.0
-
cpe:2.3:a:image-rs:image:0.19.0
-
cpe:2.3:a:image-rs:image:0.20.1
-
cpe:2.3:a:image-rs:image:0.21.0
-
cpe:2.3:a:image-rs:image:0.21.1
-
cpe:2.3:a:image-rs:image:0.21.2