Lucene search

[email protected]NVD:CVE-2023-36308

HistorySep 05, 2023 - 4:15 a.m.

CVE-2023-36308

2023-09-0504:15:08

CWE-129

[email protected]

web.nvd.nist.gov

disintegration imaging

integer index

tiff file

vulnerability

scan function

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.3

Confidence

High

EPSS

Percentile

10.3%

JSON

disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence

Affected configurations

Nvd

Node

disintegrationimagingMatch1.6.2go

VendorProductVersionCPE
disintegrationimaging1.6.2cpe:2.3:a:disintegration:imaging:1.6.2:*:*:*:*:go:*:*

Vendor	Product	Version	CPE
disintegration	imaging	1.6.2	cpe:2.3:a:disintegration:imaging:1.6.2:::::go::

References

github.com/disintegration/imaging/issues/165

github.com/disintegration/imaging/releases/tag/v1.6.2

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GX2SYGRCNFUAGELLDOBIERCSCYSGKFY/

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.3

Confidence

High

EPSS

Percentile

10.3%

JSON

Related for NVD:CVE-2023-36308

nessus1 debiancve1 cve1 prion1 ubuntucve1 vulnrichment1 osv2 fedora1 cvelist1 openvas1 github1