Lucene search

[email protected]CVE-2023-36308

HistorySep 05, 2023 - 4:15 a.m.

CVE-2023-36308

2023-09-0504:15:08

CWE-129

[email protected]

web.nvd.nist.gov

cve-2023-36308

disintegration imaging

tiff file

panic

integer index out of range

security consequence

scanner.go

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence

Affected configurations

NVD

Node

disintegrationimagingMatch1.6.2go

CPENameOperatorVersion
disintegration:imagingdisintegration imagingeq1.6.2

CPE	Name	Operator	Version
disintegration:imaging	disintegration imaging	eq	1.6.2

References

github.com/disintegration/imaging/issues/165

github.com/disintegration/imaging/releases/tag/v1.6.2

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GX2SYGRCNFUAGELLDOBIERCSCYSGKFY/

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

Related for CVE-2023-36308

debiancve1 nessus1 osv2 cvelist1 openvas1 fedora1 prion1 github1 ubuntucve1 nvd1 vulnrichment1