CVE-2021-28030

Name of the Vulnerable Software and Affected Versions: truetype crate versions prior to 0.30.1

Description: An issue in the truetype crate allows attackers to read the contents of uninitialized memory locations via a user-provided Read operation within Tape::take bytes(). This can result in safe Read implementations reading from the uninitialized buffer, leading to undefined behavior.

Recommendations: For versions prior to 0.30.1, update to version 0.30.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of Tape::take bytes() with user-provided Read operations until a patch is applied.