Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.

...

2 commits
5 files changed
2 contributors

Commits on Jun 4, 2024

go.mod: update golang.org/x dependencies

Update golang.org/x dependencies to their latest tagged versions.

Change-Id: Iae53a313887f9b3da122cc98ef7c173afdeaff88
Reviewed-on: https://go-review.googlesource.com/c/image/+/590217
Auto-Submit: Gopher Robot <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Than McIntosh <[email protected]>

gopherbot committed Jun 4, 2024

Commits on Jun 18, 2024

tiff: Validate palette indices when parsing palette-color images

The existing implementation will succeed to parse a corrupt or malicious
image with color indices out of range of the actual palette, which will
eventually result in a panic when the consumer tries to read the color
at any corrupted pixel.

This issue was originally discovered and filed against a downstream
library: disintegration/imaging#165. This is
also referenced in https://osv.dev/vulnerability/GHSA-q7pp-wcgr-pffx.

Fixes golang/go#67624

Change-Id: I7d7577adb7d549ecfcd59e84e04a92d198d94c18
Reviewed-on: https://go-review.googlesource.com/c/image/+/588115
Auto-Submit: Damien Neil <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Damien Neil <[email protected]>

jswright authored and gopherbot committed Jun 18, 2024