Vulnerability Information
Vulnerability Title
blurhash panics on parsing crafted inputs
Vulnerability Description
blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. In version 0.1.1, the blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on untrusted input. In a typical deployment, this may be triggered by feeding maliciously crafted blurhashes over the network. These may include UTF-8 compliant strings containing multi-byte UTF-8 characters. A patch is available in version 0.2.0, which requires user intervention because of slight API churn. No known workarounds are available.
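The failure mode described above, shown as an added example that is not code from blurhash-rs: a shape check that returns an error where unchecked indexing or byte-offset slicing of a `&str` would panic. The function and type names are hypothetical, and the layout it assumes (base83 alphabet, size flag in the first character, total length 4 + 2 * nx * ny) is taken from the Blurhash format, not from this page.

```rust
// Added illustration, not blurhash-rs code. All names here are hypothetical.
const BASE83: &[u8] =
    b"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz#$%*+,-.:;=?@[]^_{|}~";

#[derive(Debug, PartialEq)]
pub enum HashError {
    InvalidChar(usize), // byte offset of the first byte outside the alphabet
    TooShort,
    LengthMismatch { expected: usize, actual: usize },
}

fn digit(b: u8) -> Option<usize> {
    BASE83.iter().position(|&c| c == b)
}

/// Returns (x components, y components) if `s` has a well-formed shape.
pub fn check_blurhash(s: &str) -> Result<(usize, usize), HashError> {
    let bytes = s.as_bytes();
    // Multi-byte UTF-8 sequences consist of bytes >= 0x80, none of which are
    // in the alphabet, so after this check byte offsets equal char offsets.
    if let Some(i) = bytes.iter().position(|&b| digit(b).is_none()) {
        return Err(HashError::InvalidChar(i));
    }
    // Shortest shape: size flag (1) + max AC (1) + DC colour (4).
    if bytes.len() < 6 {
        return Err(HashError::TooShort);
    }
    let flag = digit(bytes[0]).ok_or(HashError::InvalidChar(0))?;
    let (nx, ny) = (flag % 9 + 1, flag / 9 + 1);
    let expected = 4 + 2 * nx * ny;
    if bytes.len() != expected {
        return Err(HashError::LengthMismatch { expected, actual: bytes.len() });
    }
    Ok((nx, ny))
}

fn main() {
    // Constructed inputs. `&s[0..1]` on the third would panic: offset 1 is
    // inside the two-byte encoding of 'é'.
    for s in ["000000", "L00000", "é00000", ""] {
        println!("{:?} -> {:?}", s, check_blurhash(s));
    }
}
```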
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Vulnerability Type
Uncaught Exception
Vulnerability Title
blurhash-rs security vulnerability
Vulnerability Description
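blurhash-rs is a pure Rust implementation of Blurhash. A security vulnerability exists in blurhash-rs version 0.1.1: because of multiple panic-guarded out-of-bounds accesses on untrusted input, the blurhash parsing code may panic.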
CVSS Information
N/A
Vulnerability Type
N/A