Low severityNVD Advisory· Published Sep 5, 2023· Updated Nov 4, 2025
CVE-2023-36308
CVE-2023-36308
Description
disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/disintegration/imagingGo | <= 1.6.2 | — |
Affected products
20- disintegration Imaging/disintegration Imagingdescription
- osv-coords19 versionspkg:apk/chainguard/gitlab-ee-fips-17.5pkg:apk/chainguard/gitlab-workhorse-ee-fips-17.5pkg:apk/chainguard/mattermost-10.3pkg:apk/chainguard/mattermost-10.3-compatpkg:apk/chainguard/mattermost-10.4pkg:apk/chainguard/mattermost-10.4-compatpkg:apk/chainguard/mattermost-10.5pkg:apk/chainguard/mattermost-10.5-compatpkg:apk/chainguard/mattermost-9.11pkg:apk/chainguard/mattermost-9.11-compatpkg:apk/chainguard/seaweedfs-operatorpkg:apk/chainguard/seaweedfs-operator-fipspkg:apk/wolfi/mattermost-10.3pkg:apk/wolfi/mattermost-10.3-compatpkg:apk/wolfi/mattermost-10.4pkg:apk/wolfi/mattermost-10.4-compatpkg:apk/wolfi/mattermost-10.5pkg:apk/wolfi/mattermost-10.5-compatpkg:golang/github.com/disintegration/imaging
< 17.5.5-r2+ 18 more
- (no CPE)range: < 17.5.5-r2
- (no CPE)range: < 17.5.5-r2
- (no CPE)range: < 10.3.4-r0
- (no CPE)range: < 10.3.4-r0
- (no CPE)range: < 10.4.3-r0
- (no CPE)range: < 10.4.3-r0
- (no CPE)range: < 10.5.1-r0
- (no CPE)range: < 10.5.1-r0
- (no CPE)range: < 9.11.9-r0
- (no CPE)range: < 9.11.9-r0
- (no CPE)range: < 1.0.6-r0
- (no CPE)range: < 1.0.6-r0
- (no CPE)range: < 10.3.4-r0
- (no CPE)range: < 10.3.4-r0
- (no CPE)range: < 10.4.3-r0
- (no CPE)range: < 10.4.3-r0
- (no CPE)range: < 10.5.1-r0
- (no CPE)range: < 10.5.1-r0
- (no CPE)range: <= 1.6.2
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-q7pp-wcgr-pffxghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GX2SYGRCNFUAGELLDOBIERCSCYSGKFY/mitrevendor-advisory
- nvd.nist.gov/vuln/detail/CVE-2023-36308ghsaADVISORY
- github.com/disintegration/imagingghsaPACKAGE
- github.com/disintegration/imaging/issues/165ghsaWEB
- github.com/disintegration/imaging/releases/tag/v1.6.2ghsaWEB
News mentions
0No linked articles in our index yet.