Use of Uninitialized Resource Affecting postscript package, versions <0.14.0
Threat Intelligence
EPSS 0.32% (71st percentile)
- Snyk ID SNYK-RUST-POSTSCRIPT-5707469
- published 14 Jun 2023
- disclosed 25 Aug 2021
- credit @sslab-gatech
Introduced: 25 Aug 2021
CVE-2021-26953
How to fix?
Upgrade postscript to version 0.14.0 or higher.
Overview
Affected versions of this package are vulnerable to Use of Uninitialized Resource. Arbitrary Read implementations can read from the uninitialized buffer (memory exposure) and can also return an incorrect number of bytes written to the buffer. Reading from uninitialized memory produces undefined values that can quickly invoke undefined behavior.
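The two failure modes described above, as an added Rust example that is not code from the postscript package or from this advisory: a constructed misbehaving Read implementation is run against a caller that zero-initializes its buffer and validates the returned count. The names LyingReader and read_checked are hypothetical.

```rust
use std::io::{self, Read};

/// Constructed misbehaving reader: it inspects the caller's buffer before
/// writing and then claims to have written more bytes than the buffer holds.
struct LyingReader {
    seen_nonzero: bool,
}

impl Read for LyingReader {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        // A Read impl is ordinary safe code and may look at `buf` first.
        self.seen_nonzero = buf.iter().any(|&b| b != 0);
        if let Some(first) = buf.first_mut() {
            *first = b'A';
        }
        Ok(buf.len() + 16) // over-reports: only one byte was written
    }
}

/// Hypothetical helper: read up to `len` bytes without handing out
/// uninitialized memory and without trusting the reported count.
fn read_checked<R: Read>(reader: &mut R, len: usize) -> io::Result<Vec<u8>> {
    // Zero-initialized, so the reader can only ever observe zeros.
    // The unsound alternative is Vec::with_capacity(len) followed by an
    // unsafe set_len(len), which exposes whatever the allocation held.
    let mut buf = vec![0u8; len];
    let n = reader.read(&mut buf)?;
    // A count larger than the buffer must never be used as a length.
    if n > buf.len() {
        return Err(io::Error::new(
            io::ErrorKind::InvalidData,
            "reader reported more bytes than the buffer holds",
        ));
    }
    // An in-range but inflated count now yields zeros, not stale memory.
    buf.truncate(n);
    Ok(buf)
}

fn main() {
    let mut bad = LyingReader { seen_nonzero: false };
    let rejected = read_checked(&mut bad, 8).is_err();
    println!("rejected: {}, saw stale data: {}", rejected, bad.seen_nonzero);

    let mut good: &[u8] = b"hello"; // constructed sample input
    println!("{:?}", read_checked(&mut good, 8).unwrap());
}
```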
CVSS Scores
version 3.1