CVE-2023-36308

Published: Sep 5, 2023Modified: Nov 4, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence

Affected (1)

Products: Disintegration: Imaging

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Disintegration Imaging	Version 1.6.2

Related CWEs

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (7)

https://github.com/disintegration/imaging/issues/165

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/disintegration/imaging/releases/tag/v1.6.2

Source: cve@mitre.org

Release Notes

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GX2SYGRCNFUAGELLDOBIERCSCYSGKFY/

Source: cve@mitre.org

https://github.com/disintegration/imaging/issues/165

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://github.com/disintegration/imaging/releases/tag/v1.6.2

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GX2SYGRCNFUAGELLDOBIERCSCYSGKFY/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3GX2SYGRCNFUAGELLDOBIERCSCYSGKFY/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.