CVE-2024-24792: Panic when parsing invalid palette-color images in golang.org/x/image

June 26, 2024

Parsing a corrupt or malicious image with invalid color indices can cause a panic.

References

cs.opensource.google/go/x/image
github.com/advisories/GHSA-9phm-fm57-rhg8
go.dev/cl/588115
go.dev/issue/67624
nvd.nist.gov/vuln/detail/CVE-2024-24792
pkg.go.dev/vuln/GO-2024-2937

Code Behaviors & Features

Detect and mitigate CVE-2024-24792 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →