CVE-2023-36307

Published: Sep 5, 2023Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

ZPLGFA 1.1.1 allows attackers to cause a panic (because of an integer index out of range during a ConvertToGraphicField call) via an image of zero width. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence

Affected (1)

Products: Simonwaldherr: Zplgfa

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Simonwaldherr Zplgfa	Version 1.1.1

Related CWEs

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (2)

https://github.com/SimonWaldherr/zplgfa/pull/6

Source: cve@mitre.org

ExploitPatchThird Party Advisory

https://github.com/SimonWaldherr/zplgfa/pull/6

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

Timeline

No history available yet.