PT-2021-16835 · Av-Data · Av-Data

Published 2021-01-07 · Updated 2021-08-25 · CVE-2021-25904

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

av-data crate versions prior to 0.3.0

Description

An issue in the av-data crate allows a raw pointer to be dereferenced, leading to a read of an arbitrary memory address. This can sometimes cause a segfault. The Frame::copy_from_raw_parts() function is a safe API that takes a raw pointer and dereferences it, allowing access to arbitrary memory addresses. Passing a pointer to an invalid memory address to the API may also cause the program to segfault.

Recommendations

The issue was corrected in version 0.3.0 by removing the Frame::copy_from_raw_parts() function. Update to version 0.3.0 or later to fix the issue. As a temporary workaround on versions prior to 0.3.0, avoid using this function.
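
The soundness problem described above, as an added Rust illustration that is not taken from the av-data source: a safe method that dereferences a caller-supplied raw pointer, next to two sound alternatives. Plane, CopyError and all method names are hypothetical; av-data itself resolved the issue by removing the function.

```rust
// Added illustration with hypothetical names; this is not av-data's code.
use std::slice;

#[derive(Debug, PartialEq)]
pub enum CopyError { Null, TooLong { src: usize, dst: usize } }

/// Simplified stand-in for one plane of a frame buffer.
pub struct Plane { data: Vec<u8> }

impl Plane {
    pub fn new(len: usize) -> Self { Plane { data: vec![0; len] } }
    pub fn bytes(&self) -> &[u8] { &self.data }

    /// UNSOUND: safe signature, but it dereferences a caller-supplied raw pointer.
    /// Safe code can pass any address, so UB is reachable without writing `unsafe`.
    pub fn copy_from_raw_unsound(&mut self, src: *const u8, len: usize) {
        let n = len.min(self.data.len());
        let s = unsafe { slice::from_raw_parts(src, n) }; // validity never checked
        self.data[..n].copy_from_slice(s);
    }

    /// Sound: a slice carries a valid pointer and length by construction.
    pub fn copy_from_slice(&mut self, src: &[u8]) -> Result<usize, CopyError> {
        if src.len() > self.data.len() {
            return Err(CopyError::TooLong { src: src.len(), dst: self.data.len() });
        }
        self.data[..src.len()].copy_from_slice(src);
        Ok(src.len())
    }

    /// Sound: raw-pointer entry point kept, but `unsafe fn` moves the proof to the caller.
    /// # Safety
    /// `src` must be valid for reads of `len` bytes for the duration of the call.
    pub unsafe fn copy_from_raw(&mut self, src: *const u8, len: usize) -> Result<usize, CopyError> {
        if src.is_null() { return Err(CopyError::Null); } // cheap check; cannot prove validity
        self.copy_from_slice(unsafe { slice::from_raw_parts(src, len) })
    }
}

fn main() {
    let src = [1u8, 2, 3, 4]; // constructed sample input
    let mut p = Plane::new(8);
    println!("{:?}", p.copy_from_slice(&src));       // Ok(4)
    println!("{:?}", p.copy_from_slice(&[0u8; 16])); // Err(TooLong { src: 16, dst: 8 })
    println!("{:?}", unsafe { p.copy_from_raw(std::ptr::null(), 4) }); // Err(Null)
}
```

A null check inside the unsafe variant only catches one bad value; the caller's safety contract is what makes the function sound, which is why the slice-based form is preferable when callers already hold a buffer.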

Exploit

Fix

NULL Pointer Dereference


Weakness Enumeration

Related Identifiers

CVE-2021-25904
GHSA-352P-RHVQ-7G78
RUSTSEC-2021-0007

Affected Products

Av-Data