N/A

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-v8gq-5grq-9728

EPSS Score

CWE

Published

9/16/2022

Updated

1/11/2023

KEV Status

Technology

Rust

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-v8gq-5grq-9728

GHSA-v8gq-5grq-9728: mozjpeg DecompressScanlines::read_scanlines is Unsound

This issue and vector is similar to RUSTSEC-2020-0029 of rgb crate which mozjpeg depends on.

Affected versions of mozjpeg crate allow creating instances of any type T from bytes, and do not correctly constrain T to the types for which it is safe to do so.

Examples of safety violation possible for a type T:

T contains a reference type, and it constructs a pointer to an invalid, arbitrary memory address.
T requires a safety and/or validity invariant for its construction that may be violated.

The issue was fixed in 0.8.19 by using safer types and involving rgb dependency bump.

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-v8gq-5grq-9728

EPSS Score

CWE

Published

9/16/2022

Updated

1/11/2023

KEV Status

Technology

Rust

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
mozjpeg	rust	< 0.8.19	0.8.19

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The advisory explicitly names DecompressScanlines::read_scanlines as the vulnerable entry point. The function's implementation prior to 0.8.19 used unsafe byte conversion patterns similar to RUSTSEC-2020-0029 in the rgb crate, allowing unconstrained transmutation of arbitrary bytes into any Copy type. This violates Rust's safety requirements for valid bit patterns and absence of padding bytes, enabling creation of invalid references and type confusion attacks. The GitHub issue #10 directly calls out this function's unsoundness, and the fix involved constraining acceptable types through safer abstractions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T*is issu* *n* v**tor is simil*r to [RUSTS**-****-****] o* `r**` *r*t* w*i** `mozjp**` **p*n*s on. *****t** v*rsions o* `mozjp**` *r*t* *llow *r**tin* inst*n**s o* *ny typ* `T` *rom *yt*s, *n* *o not *orr**tly *onstr*in `T` to t** typ*s *or w*i** it

Reasoning

T** **visory *xpli*itly n*m*s `***ompr*ssS**nlin*s::r***_s**nlin*s` *s t** vuln*r**l* *ntry point. T** *un*tion's impl*m*nt*tion prior to *.*.** us** uns*** *yt* *onv*rsion p*tt*rns simil*r to RUSTS**-****-**** in t** r** *r*t*, *llowin* un*onstr*in*

N/A

Basic Information

Concerned about an active attack path?

GHSA-v8gq-5grq-9728: mozjpeg DecompressScanlines::read_scanlines is Unsound

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI