CVE-2023-36308

Improper Validation of Array Index in go/github.com/disintegration/imaging

Identifiers

CVE-2023-36308

Package Slug

go/github.com/disintegration/imaging

Vulnerability

Improper Validation of Array Index

Description

disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence

Affected Versions

Version 1.6.2

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-11-08

source