Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-66fw-43h8-f8p3: XMP Toolkit's `XmpFile::close` can trigger undefined behavior

Affected versions of the crate failed to catch C++ exceptions raised within the XmpFile::close function. If such an exception occured, it would trigger undefined behavior, typically a process abort.

This is best demonstrated in issue #230, where a race condition causes the close call to fail due to file I/O errors.

This was fixed in PR #232 (released as crate version 1.9.0), which now safely handles the exception.

For backward compatibility, the existing API ignores the error. A new API XmpFile::try_close was added to allow callers to receive and process the error result.

Users of all prior versions of xmp_toolkit are encouraged to update to version 1.9.0 to avoid undefined behavior.

ghsa
Open in Source
#git#c++

Affected versions of the crate failed to catch C++ exceptions raised within the XmpFile::close function. If such an exception occured, it would trigger undefined behavior, typically a process abort.

This is best demonstrated in issue #230, where a race condition causes the close call to fail due to file I/O errors.

This was fixed in PR #232 (released as crate version 1.9.0), which now safely handles the exception.

For backward compatibility, the existing API ignores the error. A new API XmpFile::try_close was added to allow callers to receive and process the error result.

Users of all prior versions of xmp_toolkit are encouraged to update to version 1.9.0 to avoid undefined behavior.

References

  • adobe/xmp-toolkit-rs#230
  • adobe/xmp-toolkit-rs#233
  • adobe/xmp-toolkit-rs#232
  • https://rustsec.org/advisories/RUSTSEC-2024-0360.html

ghsa: Latest News

GHSA-27wf-5967-98gx: Kubernetes kubelet arbitrary command execution
ghsa