Xcb Project: >> Xcb >> 2021-02-04 Security Vulnerabilities
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because there is an out-of-bounds read in xcb::xproto::change_property(), as demonstrated by a format=32 T=u8 situation where out-of-bounds bytes are sent to an X server.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-02-09
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::cast_event uses std::mem::transmute to return a reference to an arbitrary type.
CVSS Score
8.8
EPSS Score
0.006
Published
2021-02-09
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because xcb::xproto::GetAtomNameReply::name() calls std::str::from_utf8_unchecked() on unvalidated bytes from an X server.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-02-09
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because bytes from an X server can be interpreted as any data type returned by xcb::xproto::GetPropertyReply::value.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-02-09