Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS14Z21tLTN2dnItNmM4as4AA1rU

Index out of bounds leading to crash

ZPLGFA 1.1.1 allows attackers to cause a panic (because of an integer index out of range during a ConvertToGraphicField call) via an image of zero width. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence

Permalink: https://github.com/advisories/GHSA-xgmm-3vvr-6c8j
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14Z21tLTN2dnItNmM4as4AA1rU
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 8 months ago
Updated: about 1 month ago


CVSS Score: 5.5
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Identifiers: GHSA-xgmm-3vvr-6c8j, CVE-2023-36307
References: Repository: https://github.com/SimonWaldherr/zplgfa
Blast Radius: 1.0

Affected Packages

go:simonwaldherr.de/go/zplgfa
Dependent packages: 4
Dependent repositories: 0
Downloads:
Affected Version Ranges: <= 1.1.1
No known fixed version
All affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.1.0, 1.1.1