This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate image_hasher

Dependencies

(6 total, 1 possibly insecure)

| Crate | Required | Latest | Status |
|---|---|---|---|
| base64 | ^0.22.0 | 0.22.1 | up to date |
| fast_image_resize | ^5.0.0 | 5.3.0 | up to date |
| image | >=0.25, <0.26 | 0.25.8 | up to date |
| rustdct | ^0.7 | 0.7.1 | up to date |
| serde | ^1.0 | 1.0.228 | up to date |
| transpose ⚠️ | ^0.2 | 0.2.3 | maybe insecure |

Dev dependencies

(3 total, 2 outdated)

| Crate | Required | Latest | Status |
|---|---|---|---|
| criterion | ^0.5 | 0.7.0 | out of date |
| hamming-bitwise-fast | ^1.0.0 | 1.0.0 | up to date |
| rand | ^0.8 | 0.9.2 | out of date |

Security Vulnerabilities

transpose: Buffer overflow due to integer overflow in `transpose`

RUSTSEC-2023-0080

Given the function `transpose::transpose`:

```rust
fn transpose<T: Copy>(input: &[T], output: &mut [T], input_width: usize, input_height: usize)
```

The safety check `input_width * input_height == output.len()` can be passed incorrectly when `input_width * input_height` overflows in such a way that the wrapped product equals `output.len()`. When that happens, memory past the end of `output` is written to. This only occurs in release mode, since `*` panics on overflow in debug mode.

Exploiting this issue requires the caller to pass `input_width` and `input_height` arguments such that multiplying them overflows, and the overflowed result equals the lengths of the `input` and `output` slices.
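The following is an added example, not code from the `transpose` crate or from the advisory. It models only the length check described above: once with `wrapping_mul`, which matches what `*` computes in a build without overflow checks, and once with `checked_mul`, which rejects dimensions whose product does not fit in `usize`. The function names and sample dimensions are constructed for illustration.

```rust
// Added illustration: models the length check only, performs no memory writes.
// Function names are hypothetical and are not the crate's API.

/// Check as it behaves in a release build: the product silently wraps.
fn wrapping_check(width: usize, height: usize, input_len: usize, output_len: usize) -> bool {
    let product = width.wrapping_mul(height);
    product == input_len && product == output_len
}

/// One way to harden the check: treat an overflowing product as a mismatch.
fn checked_check(width: usize, height: usize, input_len: usize, output_len: usize) -> bool {
    match width.checked_mul(height) {
        Some(product) => product == input_len && product == output_len,
        None => false,
    }
}

fn main() {
    // Constructed dimensions: wide * 2 is 2^BITS + 4, which wraps to 4.
    let wide = usize::MAX / 2 + 3;
    let cases = [(3usize, 2usize, 6usize), (3, 2, 5), (wide, 2, 4)];
    for &(w, h, len) in cases.iter() {
        println!(
            "{} x {} with slices of length {}: wrapping={} checked={}",
            w,
            h,
            len,
            wrapping_check(w, h, len, len),
            checked_check(w, h, len, len)
        );
    }
}
```

The two checks agree on the honest cases and differ only on the overflowing pair, which is the case a caller-side validation of width and height has to catch when an affected version is in use.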