Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14Z21tLTN2dnItNmM4as4AA1rU
Index out of bounds leading to crash
ZPLGFA 1.1.1 allows attackers to cause a panic (because of an integer index out of range during a ConvertToGraphicField call) via an image of zero width. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence
Permalink: https://github.com/advisories/GHSA-xgmm-3vvr-6c8jJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14Z21tLTN2dnItNmM4as4AA1rU
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 8 months ago
Updated: about 2 months ago
CVSS Score: 5.5
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Identifiers: GHSA-xgmm-3vvr-6c8j, CVE-2023-36307
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-36307
- https://github.com/SimonWaldherr/zplgfa/pull/6
- https://github.com/SimonWaldherr/zplgfa/commit/c0d018ffa921cd2460b80f766b7969fbe63678fc
- https://github.com/advisories/GHSA-xgmm-3vvr-6c8j
Blast Radius: 1.0
Affected Packages
go:simonwaldherr.de/go/zplgfa
Dependent packages: 4Dependent repositories: 0
Downloads:
Affected Version Ranges: <= 1.1.1
No known fixed version
All affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.1.0, 1.1.1