This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate av-codec

Dependencies

(3 total, 3 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 av-data ⚠️^0.2.10.4.2out of date
 err-derive^0.2.30.3.1out of date
 num-rational^0.2.20.4.1out of date

Security Vulnerabilities

av-data: `Frame::copy_from_raw_parts` can lead to segfault without `unsafe`

RUSTSEC-2021-0007

fn Frame::copy_from_raw_parts() is a safe API that can take a raw pointer and dereference it. It is possible to read arbitrary memory address with an arbitrarily fed pointer. This allows the safe API to access & read arbitrary address in memory. Feeding an invalid memory address pointer to the API may also cause the program to segfault.

The flaw was corrected in https://github.com/rust-av/rust-av/pull/137, by removing the API fn Frame::copy_from_raw_parts().