Improper Validation of Array Index
CVE-2023-36307
Summary
ZPLGFA allows attackers to cause a panic (because of an integer index out of range during a "ConvertToGraphicField" call) via an image of zero width. This issue affects versions prior to 1.2. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence.
- LOW
- LOCAL
- NONE
- UNCHANGED
- REQUIRED
- NONE
- NONE
- HIGH
CWE-129 - Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
References
Advisory Timeline
- Published