xcb

crates.io5 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting xcbpage 1 of 1

CVE-2020-36205MEDIUMCVSS 5.5EG 5.5✓ Fixed in 1.0.0
2021-01-26
An issue was discovered in the xcb crate through 2020-12-10 for Rust. base::Error does not have soundness. Because of the public ptr field, a use-after-free or double-free can occur.
CVE-2021-26955CRITICALCVSS 9.8EG 9.8✓ Fixed in 1.0.0
2021-02-09
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because xcb::xproto::GetAtomNameReply::name() calls std::str::from_utf8_unchecked() on unvalidated bytes from an X server.
CVE-2021-26956CRITICALCVSS 9.8EG 9.8✓ Fixed in 1.0.0
2021-02-09
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because bytes from an X server can be interpreted as any data type returned by xcb::xproto::GetPropertyReply::value.
CVE-2021-26957CRITICALCVSS 9.8EG 9.8✓ Fixed in 1.0.0
2021-02-09
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because there is an out-of-bounds read in xcb::xproto::change_property(), as demonstrated by a format=32 T=u8 situation where out-of-bounds …
CVE-2021-26958HIGHCVSS 8.8EG 8.8✓ Fixed in 1.0.0
2021-02-09
An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::cast_event uses std::mem::transmute to return a reference to an arbitrar…

Check whether xcb is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for xcb CVEs against the assets you own.

Start Free Scan →