Skip to content

Crash when processing crafted TIFF files

Low severity GitHub Reviewed Published Sep 5, 2023 to the GitHub Advisory Database • Updated Mar 21, 2024

Package

gomod github.com/disintegration/imaging (Go)

Affected versions

<= 1.6.2

Patched versions

None

Description

Disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence

References

Published by the National Vulnerability Database Sep 5, 2023
Published to the GitHub Advisory Database Sep 5, 2023
Reviewed Mar 21, 2024
Last updated Mar 21, 2024

Severity

Low

EPSS score

0.049%
(21st percentile)

Weaknesses

CVE ID

CVE-2023-36308

GHSA ID

GHSA-q7pp-wcgr-pffx

Source code

github.com/disintegration/imaging
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.