CVE-2023-36308

Опубликовано: 05 сент. 2023

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence

Ссылки

https://github.com/disintegration/imaging/issues/165
Exploit
Issue Tracking
Third Party Advisory
https://github.com/disintegration/imaging/releases/tag/v1.6.2
Release Notes
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GX2SYGRCNFUAGELLDOBIERCSCYSGKFY/
https://github.com/disintegration/imaging/issues/165
Exploit
Issue Tracking
Third Party Advisory
https://github.com/disintegration/imaging/releases/tag/v1.6.2
Release Notes
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GX2SYGRCNFUAGELLDOBIERCSCYSGKFY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3GX2SYGRCNFUAGELLDOBIERCSCYSGKFY/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:disintegration:imaging:1.6.2:*:*:*:*:go:*:*

EPSS

Процентиль: 6%

0.00025

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-129

Связанные уязвимости

CVE-2023-36308

CVSS3: 5.5

ubuntu

больше 2 лет назад

CVE-2023-36308

CVSS3: 5.5

debian

больше 2 лет назад

disintegration Imaging 1.6.2 allows attackers to cause a panic (becaus ...

GHSA-q7pp-wcgr-pffx

github

больше 2 лет назад

Crash when processing crafted TIFF files

EPSS

Процентиль: 6%

0.00025

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-129