Deps.rs

rustfft 6.2.0

[![dependency status](https://deps.rs/crate/rustfft/6.2.0/status.svg)](https://deps.rs/crate/rustfft/6.2.0)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate rustfft

Dependencies

(6 total, 1 possibly insecure)

CrateRequiredLatestStatus
 num-complex^0.40.4.6up to date
 num-integer^0.1.400.1.46up to date
 num-traits^0.20.2.19up to date
 primal-check^0.3.30.3.4up to date
 strength_reduce^0.2.40.2.4up to date
 transpose ⚠️^0.20.2.3maybe insecure

Dev dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 getrandom^0.20.2.15up to date
 paste^1.0.91.0.15up to date
 rand^0.80.8.5up to date
 wasm-bindgen-test^0.3.360.3.45up to date

Security Vulnerabilities

transpose: Buffer overflow due to integer overflow in `transpose`

RUSTSEC-2023-0080

Given the function transpose::transpose:

fn transpose<T: Copy>(input: &[T], output: &mut [T], input_width: usize, input_height: usize)

The safety check input_width * input_height == output.len() can fail due to input_width * input_height overflowing in such a way that it equals output.len(). As a result of failing the safety check, memory past the end of output is written to. This only occurs in release mode since * panics on overflow in debug mode.

Exploiting this issue requires the caller to pass input_width and input_height arguments such that multiplying them overflows, and the overflown result equals the lengths of input and output slices.