CVE-2021-28308

Name of the Vulnerable Software and Affected Versions: fltk crate versions prior to 0.15.3

Description: The issue is related to multiple memory safety problems. There is an out-of-bounds read due to the lack of input validation in the pixmap constructor. Additionally, NULL pointer dereferences can occur when attempting to use a non-raster image for a window icon or when setting a multi-label type with a nonexistent image.

Recommendations: For versions prior to 0.15.3, update to version 0.15.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of non-raster images for window icons and ensuring that images exist before setting multi-label types. Restrict the use of the pixmap constructor until a patch is available.