github.com/google/osv-scalibr@v0.4.1/enricher/govulncheck/source/testdata/vulndb/GO-2024-2937.json { "id": "GO-2024-2937", "summary": "Panic when parsing invalid palette-color images in golang.org/x/image", "details": "Parsing a corrupt or malicious image with invalid color indices can cause a panic.", "aliases": [ "CVE-2024-24792", "GHSA-9phm-fm57-rhg8" ], "modified": "2024-07-15T22:12:27.099111Z", "published": "2024-06-25T22:06:09Z", "related": [ "CVE-2023-36308" ], "database_specific": { "url": "https://pkg.go.dev/vuln/GO-2024-2937", "review_status": "REVIEWED" }, "references": [ { "type": "FIX", "url": "https://go.dev/cl/588115" }, { "type": "REPORT", "url": "https://go.dev/issue/67624" } ], "affected": [ { "package": { "name": "golang.org/x/image", "ecosystem": "Go", "purl": "pkg:golang/golang.org/x/image" }, "ranges": [ { "type": "SEMVER", "events": [ { "introduced": "0" }, { "fixed": "0.18.0" } ] } ], "ecosystem_specific": { "imports": [ { "path": "golang.org/x/image/tiff", "symbols": [ "Decode", "decoder.decode" ] } ] }, "database_specific": { "source": "https://vuln.go.dev/ID/GO-2024-2937.json" } } ], "schema_version": "1.7.3", "credits": [ { "name": "John Wright \u003Cjsw@google.com\u003E" } ] }