disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence
References
| Link | Resource |
|---|---|
| https://github.com/disintegration/imaging/issues/165 | Exploit Issue Tracking Third Party Advisory |
| https://github.com/disintegration/imaging/releases/tag/v1.6.2 | Release Notes |
Configurations
History
07 Nov 2023, 04:16
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence |
08 Sep 2023, 17:55
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:disintegration:imaging:1.6.2:*:*:*:*:go:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
| First Time |
Disintegration imaging
Disintegration |
|
| CWE | CWE-129 | |
| References | (MISC) https://github.com/disintegration/imaging/releases/tag/v1.6.2 - Release Notes | |
| References | (MISC) https://github.com/disintegration/imaging/issues/165 - Exploit, Issue Tracking, Third Party Advisory |
05 Sep 2023, 04:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-09-05 04:15
Updated : 2024-05-17 02:25
NVD link : CVE-2023-36308
Mitre link : CVE-2023-36308
CVE.ORG link : CVE-2023-36308
JSON object : View
Products Affected
disintegration
- imaging
CWE
CWE-129
Improper Validation of Array Index