RustSec flags imageproc bugs that could expose memory through unchecked reads
RustSec flagged three imageproc flaws on May 1 that could leak memory through unchecked reads, affecting a crate used by about 7.5k dependents.

RustSec’s latest warning lands where Rust developers least want to see it: inside imageproc, a popular image-processing crate that many computer-vision and graphics pipelines depend on. The advisory database flagged three separate memory-exposure issues on May 1, all classified as out-of-bounds-read problems under the #memory-safety keyword.
The first bug, RUSTSEC-2026-0115, hit imageproc::binary_descriptors::brief. RustSec said the code tried to clamp sampled coordinates by adding a constant and taking the minimum against the image edge, but crafted input could overflow that addition and slip past the safety check. The result was a read outside the image bounds. The affected versions started at 0.24.0, and RustSec listed fixed releases in the 0.24.1, 0.25.1, and 0.26.2 lines, with versions before 0.24 left unaffected. RustSec also linked the fix to pull request 778.
The second advisory, RUSTSEC-2026-0117, covered imageproc::geometric_transformations::warp_into and warp_into_with. Here the problem was a floating-point bounds check that handled NaN incorrectly before the code cast values into an index used by an unchecked access path. RustSec said a caller-controlled projection matrix could turn that into an arbitrary read primitive in some conditions, including bilinear sampling against an image with no data and one non-zero dimension, while bicubic sampling could read a few bytes beyond an allocation. That bug affected versions starting at 0.23.0, with patches listed in the same release bands as the other advisories: 0.23.1, 0.24.1, 0.25.1, and 0.26.2.
RUSTSEC-2026-0116 pointed to a third failure around a 2D kernel’s storage. RustSec said an incorrect bounds check compared total size against a product of dimensions, but the cast happened after multiplication, so overflow could evade validation. That meant a crafted Kernel object could still trigger unsafe reads even when the documented preconditions appeared satisfied. RustSec grouped all three findings on the imageproc package page, underscoring that this was not one isolated edge case but a cluster of related arithmetic and validation mistakes feeding unsafe access.
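The three arithmetic and validation pitfalls the advisories describe, each beside an overflow- and NaN-aware replacement, in an added Rust example. This is constructed illustration code, not imageproc's implementation: the function names are assumed, and `wrapping_*` is used to model release-mode overflow explicitly so the flawed behaviour is reproducible.

```rust
// Added illustration of the three pitfalls the advisories describe.
// Constructed code, not imageproc's implementation; `wrapping_*` models
// release-mode overflow behaviour explicitly so the flaw is reproducible.

/// Flawed clamp: if `x + pad` wraps, the result is a small in-range
/// value below `x`, so a window starting at `x` is no longer bounded.
fn clamp_end_wrapping(x: usize, pad: usize, width: usize) -> usize {
    x.wrapping_add(pad).min(width - 1)
}

/// Hardened clamp: saturating addition cannot wrap, so the `min`
/// really bounds the coordinate and the result is never below `x`.
fn clamp_end_saturating(x: usize, pad: usize, width: usize) -> usize {
    x.saturating_add(pad).min(width - 1)
}

/// Flawed float check: every comparison with NaN is false, so the
/// negated form accepts NaN; `NaN as usize` then casts to 0 and may be
/// used as an index by code that assumed the check already rejected it.
fn float_in_bounds_naive(x: f32, width: f32) -> bool {
    !(x < 0.0 || x >= width)
}

/// Hardened float check: the positive form makes NaN fail.
fn float_in_bounds_nan_safe(x: f32, width: f32) -> bool {
    x >= 0.0 && x < width
}

/// Flawed kernel-size check: multiplying the narrow dimensions before
/// widening lets the product wrap, so a too-small buffer passes.
fn kernel_len_ok_overflowing(data_len: usize, w: u32, h: u32) -> bool {
    data_len == w.wrapping_mul(h) as usize
}

/// Hardened kernel-size check: widen first, then multiply with checked
/// arithmetic so an overflowing product is rejected rather than wrapped.
fn kernel_len_ok_checked(data_len: usize, w: u32, h: u32) -> bool {
    (w as usize)
        .checked_mul(h as usize)
        .map_or(false, |n| data_len == n)
}
```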
That makes the operational risk bigger than a crash. imageproc’s GitHub README describes it as a performant, well-tested, well-documented library for computer vision applications or graphics editors, and GitHub shows roughly 7.5k used-by dependents, 949 stars, 177 forks, more than 84 contributors, and 821 commits. For maintainers shipping hobby editors, document-analysis tools, or vision demos, the move today is simple: check every dependency on imageproc, update to the patched release line your project is pinned to, and treat any use of attacker-controlled geometry, kernels, or coordinates as security-sensitive code.