Skip to content

Panic when parsing invalid palette-color images in golang.org/x/image

Moderate severity GitHub Reviewed Published Jun 26, 2024 to the GitHub Advisory Database • Updated Jun 27, 2024

Package

gomod golang.org/x/image (Go)

Affected versions

< 0.18.0

Patched versions

0.18.0

Description

Parsing a corrupt or malicious image with invalid color indices can cause a panic.

References

Published to the GitHub Advisory Database Jun 26, 2024
Reviewed Jun 26, 2024
Published by the National Vulnerability Database Jun 27, 2024
Last updated Jun 27, 2024

Severity

Moderate

Weaknesses

CVE ID

CVE-2024-24792

GHSA ID

GHSA-9phm-fm57-rhg8

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.