Lucene search

GitHub Advisory DatabaseGHSA-Q7PP-WCGR-PFFX

HistorySep 05, 2023 - 6:30 a.m.

Crash when processing crafted TIFF files

2023-09-0506:30:14

CWE-129

GitHub Advisory Database

github.com

tiff files

disintegration imaging 1.6.2

panic

crafted files

security consequence

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

Disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence

Affected configurations

Vulners

Node

disintegrationimagingRange≤1.6.2go

CPENameOperatorVersion
github.com/disintegration/imagingle1.6.2

CPE	Name	Operator	Version
	github.com/disintegration/imaging	le	1.6.2

References

github.com/advisories/GHSA-q7pp-wcgr-pffx

github.com/disintegration/imaging/issues/165

github.com/disintegration/imaging/releases/tag/v1.6.2

nvd.nist.gov/vuln/detail/CVE-2023-36308

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

Related for GHSA-Q7PP-WCGR-PFFX