High severity7.5NVD Advisory· Published Jun 27, 2024· Updated Jun 17, 2026
CVE-2024-24792
CVE-2024-24792
Description
Parsing a corrupt or malicious image with invalid color indices can cause a panic.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
golang.org/x/imageGo | < 0.18.0 | 0.18.0 |
Affected products
22- osv-coords22 versionspkg:apk/chainguard/chainctlpkg:apk/chainguard/docker-credential-cgrpkg:apk/chainguard/gotenbergpkg:apk/chainguard/hugopkg:apk/chainguard/hugo-extendedpkg:apk/chainguard/mattermost-9pkg:apk/chainguard/mattermost-9-compatpkg:apk/chainguard/ollamapkg:apk/chainguard/ollama-cpupkg:apk/wolfi/hugopkg:apk/wolfi/hugo-extendedpkg:apk/wolfi/mattermost-9pkg:apk/wolfi/mattermost-9-compatpkg:apk/wolfi/ollamapkg:apk/wolfi/ollama-cpupkg:golang/golang.org/x/imagepkg:rpm/opensuse/gomuks&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/keybase-client&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/keybase-client&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/keybase-client&distro=openSUSE%20Tumbleweedpkg:rpm/suse/keybase-client&distro=SUSE%20Package%20Hub%2015%20SP5pkg:rpm/suse/keybase-client&distro=SUSE%20Package%20Hub%2015%20SP6
< 0.2.59-r0+ 21 more
- (no CPE)range: < 0.2.59-r0
- (no CPE)range: < 0.2.59-r0
- (no CPE)range: < 8.7.0-r1
- (no CPE)range: < 0.128.0-r1
- (no CPE)range: < 0.129.0-r0
- (no CPE)range: < 9.9.0-r1
- (no CPE)range: < 9.9.0-r1
- (no CPE)range: < 0.4.0-r1
- (no CPE)range: < 0.4.0-r1
- (no CPE)range: < 0.128.0-r1
- (no CPE)range: < 0.129.0-r0
- (no CPE)range: < 9.9.0-r1
- (no CPE)range: < 9.9.0-r1
- (no CPE)range: < 0.4.0-r1
- (no CPE)range: < 0.4.0-r1
- (no CPE)range: < 0.18.0
- (no CPE)range: < 0.3.0-3.1
- (no CPE)range: < 6.2.8-bp156.2.6.1
- (no CPE)range: < 6.2.8-bp156.2.6.1
- (no CPE)range: < 6.3.1-2.1
- (no CPE)range: < 6.2.8-bp156.2.6.1
- (no CPE)range: < 6.2.8-bp156.2.6.1
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-9phm-fm57-rhg8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-24792ghsaADVISORY
- cs.opensource.google/go/x/imageghsaPACKAGE
- go.dev/cl/588115nvdWEB
- go.dev/issue/67624nvdWEB
- pkg.go.dev/vuln/GO-2024-2937nvdWEB
News mentions
0No linked articles in our index yet.