toodee is vulnerable to Heap Buffer Overflow through its DrainCol Destructor

Published: Sep 9, 2025
Updated: Sep 10, 2025
GHSA: <a href="https://github.com/advisories/GHSA-pfp7-vxgr-83pw" target="_blank" rel="noopener"> GHSA-pfp7-vxgr-83pw
Severity: High
Exploit:

An off-by-one error in the DrainCol::drop destructor could cause an unsafe memory copy operation to exceed the bounds of the associated vector.

The error was related to the size of the data being copied in one of the ptr::copy invocations inside the destructor.

When removing the first column from a TooDee object, the DrainCol return object could cause a heap buffer overflow vulnerability when it is dropped.