CVE-2020-35916
MEDIUM5.5EPSS 0.05%Mutable reference with immutable provenance
Published: 8/25/2021Modified: 4/28/2026
Description
An issue was discovered in the image crate before 0.23.12 for Rust. A Mutable reference has immutable provenance. (In the case of LLVM, the IR may be always correct.)
Affected packages (3)
- crates.io/imagefrom 0, < 0.23.12
- crates.io/image>= 0.0.0-0, < 0.23.12
- Debian/rust-imagefrom 0, < 0.23.14-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
References (8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-35916
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2020-35916
- PATCHhttps://crates.io/crates/image
- PATCHhttps://github.com/image-rs/image
- WEBhttps://github.com/image-rs/image/commit/5cbe1e6767d11aff3f14c7ad69a06b04e8d583c7
- WEBhttps://github.com/image-rs/image/issues/1357
- WEBhttps://github.com/image-rs/image/pull/1358
- WEBhttps://rustsec.org/advisories/RUSTSEC-2020-0073.html