x/vulndb: potential Go vuln in github.com/disintegration/imaging

[pic4xiu]

Description

When we use the imaging library to parse a maliciously constructed graph, the scan function of the scanner.go file will have an index out of bounds problem. The verification procedure is as follows:

package main

import (
 "image"
 "os"
 "runtime"

 "github.com/disintegration/imaging"
)

func main() {
 runtime.GOMAXPROCS(1)
 file, _ := os.Open("poc.tiff")
 src, _, err := image.Decode(file)
 if err != nil {
  return
 }
 imaging.Grayscale(src)
}

the poc.tiff is here:https://github.com/pic4xiu/pocRep/blob/main/poc.tiff

what happened

❯ go run poc.go
panic: runtime error: index out of range [70] with length 65

goroutine 3 [running]:
github.com/disintegration/imaging.(*scanner).scan(0x1400002a040, 0x0, 0x0, 0x96, 0x1, {0x140000f0000, 0x0?, 0xf168})
        /Users/**/go/pkg/mod/github.com/disintegration/[email protected]/scanner.go:242 +0x3a4
github.com/disintegration/imaging.Grayscale.func1(0x0?)
        /Users/**/go/pkg/mod/github.com/disintegration/[email protected]/adjust.go:16 +0xa0
github.com/disintegration/imaging.parallel.func1()
        /Users/**/go/pkg/mod/github.com/disintegration/[email protected]/utils.go:33 +0x5c
created by github.com/disintegration/imaging.parallel
        /Users/**/go/pkg/mod/github.com/disintegration/[email protected]/utils.go:31 +0xcc
exit status 2

Affected Modules, Packages, Versions and Symbols

Module: github.com/disintegration/imaging
Versions:
  - Introduced: 1.6.2
Symbols:
  - scan

CVE/GHSA ID

No response

Fix Commit or Pull Request

No response

References

• Specific image will cause the index of the scan function in scanner.go to go out of bounds disintegration/imaging#165

Additional information

No response