Fix vulnerability that allows attackers to cause a panic via a crafted TIFF...

Fix vulnerability that allows attackers to cause a panic via a crafted TIFF file to the scan function of scanner.go (CVE-2023-36308) Closes: #1069062

Fix vulnerability that allows attackers to cause a panic via a crafted TIFF...
24e17d9e · Maytham Alsudany · b2b96e76 · 24e17d9e · 24e17d9e
Verified Commit 24e17d9e authored 1 year ago by Maytham Alsudany
--- a/debian/patches/CVE-2023-36308.patch
+++ b/debian/patches/CVE-2023-36308.patch
+From: Kovid Goyal <kovid@kovidgoyal.net>
+Origin: other, https://github.com/disintegration/imaging/commit/68f6e7d85d4eded72af15aa66f93a74a7f4b8fcd
+Bug: https://github.com/disintegration/imaging/issues/165
+Bug-Debian: https://bugs.debian.org/1069062
+Acked-by: Maytham Alsudany <maytha8thedev@gmail.com>
+Subject: [PATCH] Fix CVE-2023-36308
+
+---
+ scanner.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/scanner.go b/scanner.go
+index 37d92ce..84de2fc 100644
+--- a/scanner.go
+++ b/scanner.go
+@@ -18,7 +18,7 @@ func newScanner(img image.Image) *scanner {
+ 		h:     img.Bounds().Dy(),
+ 	}
+ 	if img, ok := img.(*image.Paletted); ok {
+-		s.palette = make([]color.NRGBA, len(img.Palette))
+		s.palette = make([]color.NRGBA, max(256, len(img.Palette)))
+ 		for i := 0; i < len(img.Palette); i++ {
+ 			s.palette[i] = color.NRGBAModel.Convert(img.Palette[i]).(color.NRGBA)
+ 		}
--- a/debian/patches/series
+++ b/debian/patches/series
+CVE-2023-36308.patch