PT-2021-17844 · Fltk · Fltk
Moalyousef · Published 2021-03-06 · Updated 2021-08-25 · CVE-2021-28306
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
fltk crate versions prior to 0.15.3
Description:
The fltk crate for Rust has multiple memory safety problems: a NULL pointer dereference when a multi-label type is used with a nonexistent image, a second NULL pointer dereference when a window icon is set with a non-raster image, and an out-of-bounds read because the pixmap constructor does not validate its input.
Recommendations:
Versions prior to 0.15.3 are affected; update to version 0.15.3 or later. Until the update is applied, avoid multi-label types with nonexistent images and non-raster images for window icons, and restrict access to the pixmap constructor to reduce the risk of out-of-bounds reads.
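As an added illustration (not code from the fltk project or from this advisory), the kind of consistency check the description says the pixmap constructor lacked, written as a stand-alone validator for XPM-style pixmap data. The XPM layout assumed here (a header line with width, height, colour count and chars-per-pixel, then one line per colour, then one line per pixel row) and the name `validate_xpm` are assumptions for the example.

```rust
// Added example: validate XPM-style pixmap data before it reaches a constructor
// that indexes the slices by the header's width/height/ncolors. Illustrative
// code, not the fltk crate's own implementation.
#[derive(Debug, PartialEq)]
pub struct XpmDims {
    pub width: usize,
    pub height: usize,
    pub ncolors: usize,
    pub cpp: usize, // characters per pixel
}

/// Checks that `data` is internally consistent, so that reading
/// `1 + ncolors + height` lines of `width * cpp` bytes cannot run past
/// the supplied slices (the out-of-bounds read the advisory describes).
pub fn validate_xpm(data: &[&str]) -> Result<XpmDims, String> {
    let header = data.first().ok_or("empty pixmap data")?;
    let fields: Vec<usize> = header
        .split_whitespace()
        .map(|f| f.parse::<usize>().map_err(|e| format!("bad header field {f:?}: {e}")))
        .collect::<Result<_, _>>()?;
    if fields.len() != 4 {
        return Err(format!("header must have 4 fields, got {}", fields.len()));
    }
    let dims = XpmDims { width: fields[0], height: fields[1], ncolors: fields[2], cpp: fields[3] };
    if dims.width == 0 || dims.height == 0 || dims.ncolors == 0 || dims.cpp == 0 {
        return Err("header fields must be non-zero".into());
    }
    // A constructor trusting the header reads exactly this many lines.
    let expected = 1 + dims.ncolors + dims.height;
    if data.len() < expected {
        return Err(format!("expected at least {expected} lines, got {}", data.len()));
    }
    // Each colour entry must at least hold its `cpp`-character key.
    for (i, color) in data[1..1 + dims.ncolors].iter().enumerate() {
        if color.len() < dims.cpp {
            return Err(format!("color entry {i} shorter than {} chars", dims.cpp));
        }
    }
    // Each pixel row must hold `width * cpp` bytes.
    let row_len = dims.width * dims.cpp;
    for (i, row) in data[1 + dims.ncolors..expected].iter().enumerate() {
        if row.len() < row_len {
            return Err(format!("pixel row {i} has {} bytes, need {row_len}", row.len()));
        }
    }
    Ok(dims)
}
```

Only data that passes this check should be handed to the pixmap constructor; an `Err` names the first inconsistency between the header and the supplied lines.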
Weakness types: Out-of-bounds Read; NULL Pointer Dereference
Affected Products: Fltk