oxidize-pdf: NaN/inf bypass in colour content-stream emission causes PDF rejection (DoS)
oxidize-pdf defines Color as a pub enum with public tuple-struct variants Rgb(f64, f64, f64), Gray(f64), and Cmyk(f64, f64, f64, f64). The constructors Color::rgb, Color::gray, and Color::cmyk clamp incoming components to [0.0, 1.0], but because the variants are pub, callers can construct values directly without going through the constructors: let safe = Color::rgb(f64::NAN, 0.5, 0.5); // clamps NaN to 0.0 let attack = Color::Rgb(f64::NAN, 0.5, 0.5); // bypasses clamp Color: Copy …