RUSTSEC-2025-0080: 
Rust vulnerability analysis and mitigation

The transpose crate, a Rust library, was found to contain a security vulnerability (CVE-2023-53156) that was disclosed on July 27, 2025. The vulnerability affects all versions of the transpose crate before version 0.2.3. This security issue involves an integer overflow vulnerability that can be triggered through the inputwidth and inputheight arguments (NVD, Ubuntu Security).

The vulnerability is classified as CWE-190 (Integer Overflow or Wraparound). According to the CVSS 3.1 scoring system, it received a base score of 4.5 (Medium severity) with the vector string CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L. This indicates that the vulnerability requires local access, has high attack complexity, requires no privileges, needs no user interaction, has changed scope, and can impact both integrity and availability at a low level (NVD).

The vulnerability can lead to integer overflow conditions when processing inputwidth and inputheight arguments. While the direct impact is rated as low for both integrity and availability, with no impact on confidentiality, the changed scope indicates that the vulnerability could potentially affect resources beyond its security scope (NVD).

Users are advised to upgrade to transpose crate version 0.2.3 or later, which contains the fix for this vulnerability. The issue has been tracked and resolved through the project's GitHub repository (NVD).