{"id":"RUSTSEC-2020-0073","summary":"Mutable reference with immutable provenance","details":"A mutable reference to a struct was constructed by dereferencing a pointer\nobtained from `slice::as_ptr`. Instead, `slice::as_mut_ptr` should have been\ncalled on the mutable slice argument. The former performs an implicit reborrow\nas an immutable shared reference which does not allow writing through the\nderived pointer.\n\nThere is no evidence for miscompilation, exploitable or otherwise, caused by\nthis bug. [Further investigation on Zulip][Zulip] suggests that the unoptimized\ngenerated LLVM IR does not contain any UB itself, effectively mitigating\nfurther effects.\n\n[Zulip]: https://rust-lang.zulipchat.com/#narrow/stream/146229-wg-secure-code/topic/Implications.20of.20using.20.60slice.3A.3Aas_ptr.60.20for.20mutable.20access/near/216499472","aliases":["CVE-2020-35916","GHSA-9wgh-vjj7-7433"],"modified":"2023-11-08T04:03:39.222638Z","published":"2020-11-12T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/image"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2020-0073.html"},{"type":"REPORT","url":"https://github.com/image-rs/image/issues/1357"}],"affected":[{"package":{"name":"image","ecosystem":"crates.io","purl":"pkg:cargo/image"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.23.12"}]}],"ecosystem_specific":{"affects":{"functions":["image::Bgr::from_slice_mut","image::Bgra::from_slice_mut","image::Luma::from_slice_mut","image::LumaA::from_slice_mut","image::Rgb::from_slice_mut","image::Rgba::from_slice_mut"],"arch":[],"os":[]},"affected_functions":null},"database_specific":{"categories":[],"cvss":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0073.json","informational":"unsound"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}