Skip to main content

Improper Validation of Array Index

CVE-2023-36307

Severity Medium
Score 5.5/10

Summary

ZPLGFA allows attackers to cause a panic (because of an integer index out of range during a "ConvertToGraphicField" call) via an image of zero width. This issue affects versions prior to 1.2. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence.

  • LOW
  • LOCAL
  • NONE
  • UNCHANGED
  • REQUIRED
  • NONE
  • NONE
  • HIGH

CWE-129 - Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

Advisory Timeline

  • Published