Deps.rs

lenna-project / lenna-core

[![dependency status](https://deps.rs/repo/github/lenna-project/lenna-core/status.svg)](https://deps.rs/repo/github/lenna-project/lenna-core)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate lenna_core

Dependencies

(15 total, 6 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 base64^0.220.22.1up to date
 dyn-clone^1.01.0.19up to date
 kamadak-exif^0.6.10.6.1up to date
 image^0.24.70.25.6out of date
 img-parts^0.3.30.3.3up to date
 paste^1.01.0.15up to date
 pyo3 ⚠️^0.160.24.1out of date
 ndarray^0.15.60.16.1out of date
 nshare^0.90.10.0out of date
 numpy^0.160.24.0out of date
 pythonize^0.160.24.0out of date
 serde^1.01.0.219up to date
 serde_json^1.01.0.140up to date
 serde_yaml^0.9.340.9.34+deprecatedup to date
 libc^0.20.2.172up to date

Build dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 rustc_version^0.40.4.1up to date
 cbindgen^0.280.28.0up to date

Security Vulnerabilities

pyo3: Risk of buffer overflow in `PyString::from_object`

RUSTSEC-2025-0020

PyString::from_object took &str arguments and forwarded them directly to the Python C API without checking for terminating nul bytes. This could lead the Python interpreter to read beyond the end of the &str data and potentially leak contents of the out-of-bounds read (by raising a Python exception containing a copy of the data including the overflow).

In PyO3 0.24.1 this function will now allocate a CString to guarantee a terminating nul bytes. PyO3 0.25 will likely offer an alternative API which takes &CStr arguments.