{"id":"AZL-41454","summary":"CVE-2022-23639 affecting package librsvg2 for versions less than 2.58.1-1","details":"crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was always the same as `Atomic{I,U}64`. However, the alignment of `{i,u}64` on a 32-bit target can be smaller than `Atomic{I,U}64`. This can cause unaligned memory accesses and data race. Crates using `fetch_*` methods with `AtomicCell\u003c{i,u}64\u003e` are affected by this issue. 32-bit targets without `Atomic{I,U}64` and 64-bit targets are not affected by this issue. This has been fixed in crossbeam-utils 0.8.7. There are currently no known workarounds.","modified":"2026-04-21T04:29:17.353845Z","published":"2022-02-15T19:15:08Z","upstream":["CVE-2022-23639"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23639"}],"affected":[{"package":{"name":"librsvg2","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/librsvg2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.58.1-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-41454.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}