{"id":"RUSTSEC-2026-0117","summary":"Fragile bounds check when sampling from image","details":"A bounds check was performed in floating point before a cast to the index\npassed to an unchecked access function. This check considered `NaN` cases\nimproperly, causing them to pass the check instead of failing it. The\nfloating point coordinate is under caller control by passing a selected\nprojection matrix.\n\nCarefully controlling the coordinates of an image with no data and one non-zero\ndimension provides an arbitrary read primitive in the first 32 bits of address\nspace with a Bilinear sampling method.\n\nUsing bicubic sampling can result in a read of a few bytes beyond an allocation.\n\nOther out-of-bounds reads may be possible.","aliases":["GHSA-qg8r-f7x3-25f7"],"modified":"2026-05-07T08:56:41Z","published":"2026-05-01T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/imageproc"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2026-0117.html"}],"affected":[{"package":{"name":"imageproc","ecosystem":"crates.io","purl":"pkg:cargo/imageproc"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.23.1"},{"introduced":"0.24.0"},{"fixed":"0.24.1"},{"introduced":"0.25.0"},{"fixed":"0.25.1"},{"introduced":"0.26.0"},{"fixed":"0.26.2"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"arch":[],"os":[],"functions":["imageproc::geometric_transformations::warp_into","imageproc::geometric_transformations::warp_into_with"]}},"database_specific":{"categories":["memory-exposure"],"informational":"unsound","source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0117.json","cvss":null}}],"schema_version":"1.7.5"}