This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate rav1e

Dependencies

(48 total, 6 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 aom-sys^0.3.30.3.3up to date
 arbitrary^1.31.4.1up to date
 arg_enum_proc_macro^0.3.40.3.4up to date
 arrayvec^0.70.7.6up to date
 av-metrics^0.9.10.9.1up to date
 av1-grain^0.2.20.2.3up to date
 backtrace^0.30.3.74up to date
 bitstream-io^22.6.0up to date
 byteorder^1.5.01.5.0up to date
 cfg-if^1.01.0.0up to date
 clap^4.4.114.5.26up to date
 clap_complete^4.4.54.5.42up to date
 console^0.150.15.10up to date
 crossbeam^0.80.8.4up to date
 libdav1d-sys ⚠️^0.6.00.7.1+libdav1d.1.4.3out of date
 fern^0.60.7.1out of date
 image^0.24.70.25.5out of date
 interpolate_name^0.2.40.2.4up to date
 itertools^0.120.14.0out of date
 ivf^0.10.1.3up to date
 libc^0.20.2.169up to date
 libfuzzer-sys^0.4.70.4.8up to date
 log^0.40.4.22up to date
 new_debug_unreachable^1.0.41.0.6up to date
 nom^7.1.37.1.3up to date
 noop_proc_macro^0.3.00.3.0up to date
 num-derive^0.40.4.2up to date
 num-traits^0.20.2.19up to date
 once_cell^1.19.01.20.2up to date
 paste^1.01.0.15up to date
 profiling^11.0.16up to date
 rand^0.80.8.5up to date
 rand_chacha^0.30.3.1up to date
 maybe-rayon^0.10.1.1up to date
 scan_fmt^0.2.60.2.6up to date
 serde^1.01.0.217up to date
 serde-big-array^0.5.10.5.1up to date
 signal-hook^0.30.3.17up to date
 simd_helpers^0.10.1.0up to date
 system-deps^67.0.3out of date
 thiserror^1.02.0.11out of date
 toml^0.80.8.19up to date
 tracing^0.1.400.1.41up to date
 tracing-chrome^0.7.10.7.2up to date
 tracing-subscriber^0.3.180.3.19up to date
 v_frame^0.3.70.3.8up to date
 wasm-bindgen^0.2.890.2.100up to date
 y4m^0.80.8.0up to date

Dev dependencies

(9 total, all up-to-date)

CrateRequiredLatestStatus
 assert_cmd^2.02.0.16up to date
 criterion^0.50.5.1up to date
 interpolate_name^0.2.40.2.4up to date
 nom^7.1.37.1.3up to date
 pretty_assertions^1.4.01.4.1up to date
 quickcheck^1.01.0.3up to date
 rand^0.80.8.5up to date
 rand_chacha^0.30.3.1up to date
 semver^1.01.0.24up to date

Security Vulnerabilities

libdav1d-sys: dav1d AV1 decoder integer overflow

RUSTSEC-2024-0016

An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading to version 0.7.0 of libdav1d-sys, which includes dav1d 1.4.0