—

RUSTSEC-2025-0164

`DTriangle` accessors may read out of bounds in affected versions

Details

In affected versions, `DTriangle::neighbor_by_order` and `DTriangle::vertex_by_order` were public safe functions that accepted an arbitrary `order` value. These functions used `order` to access fixed-size internal arrays with `get_unchecked`, without checking whether `order` was within bounds. Calling these methods with an out-of-bounds `order` could cause an out-of-bounds read from safe Rust code. This made the old APIs unsound, since safe callers could trigger undefined behavior without using `unsafe`.

The issue was fixed in version `0.29.0` as part of a broader rewrite that replaced the old triangle implementation with `IntTriangle` and removed the affected accessor methods.

Are you affected?

Enter the version of the package you're using.

Affected packages

crates.io / i_triangle

Introduced in: 0.0.0-0 Fixed in: 0.29.0

Upgrade i_triangle to 0.29.0 or newer (ecosystem crates.io).

References

https://crates.io/crates/i_triangle [PACKAGE]
https://rustsec.org/advisories/RUSTSEC-2025-0164.html [ADVISORY]
https://github.com/iShape-Rust/iTriangle/issues/4 [REPORT]
https://github.com/iShape-Rust/iTriangle/commit/13e0e9f4d5333e3a815191e5f6f402641997f91b [WEB]