CVE-2023-36308

Name of the Vulnerable Software and Affected Versions Disintegration Imaging version 1.6.2

Description The issue allows attackers to cause a panic due to an integer index out of range during a Grayscale call via a crafted TIFF file to the scan function of scanner.go. It is unclear whether there are common use cases in which this panic could have any security consequence. Parsing a corrupt or malicious image with invalid color indices can also cause a panic.

Recommendations For Disintegration Imaging version 1.6.2, as a temporary workaround, consider disabling the Grayscale call or restricting the use of the scan function in scanner.go until a patch is available. Avoid using the scan function with crafted TIFF files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.