CVE-2020-29242

Name of the Vulnerable Software and Affected Versions dhowden tag versions before 0.0.0-20201120070457-d52dcb253c63 dhowden tag versions before 2020-11-19

Description The issue is due to improper bounds checking in a number of methods, which can trigger a panic via readPICFrame, readAPICFrame, or readAtomData due to attempted out-of-bounds reads. If the package is used to parse user-supplied input, this may be used as a vector for a denial of service attack.

Recommendations For dhowden tag versions before 0.0.0-20201120070457-d52dcb253c63, update to a version after 0.0.0-20201120070457-d52dcb253c63 to resolve the issue. For dhowden tag versions before 2020-11-19, update to a version after 2020-11-19 to resolve the issue. As a temporary workaround, consider restricting the use of methods that can trigger a panic due to attempted out-of-bounds reads until a patch is available. Avoid using the package to parse user-supplied input until the issue is resolved.