x/image/tiff: excessive CPU consumption from no-op loop iterations [CVE-2023-29407] #61581

@neild

Decoding a 0-height tiled TIFF image iterates over every horizontal pixel. A maliciously-crafted 0-height, max-width image can force 2^32 loop iterations and a substantial amount of CPU consumption.

Thanks to Philippe Antoine (Catena cyber) for reporting this issue.

This is CVE-2023-29407.


This is a PRIVATE issue for CVE-2023-29407, tracked in http://b/279483698 and fixed by http://tg/1944079.

/cc @golang/security and @golang/release
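
An added example, not code from the Go project or from the fix for this issue: a pre-decode guard an application can run on untrusted TIFF input, rejecting a zero or oversized width or height in the first IFD before any decoder is called. The names `checkTIFFDims`, `maxDim` and `sample` are assumptions of this example, and the sample bytes are constructed (two dimension tags only, not a decodable image).

```go
package main

import (
	"encoding/binary"
	"fmt"
)

const maxDim = 1 << 15 // assumed policy limit for this example, not from the issue
// checkTIFFDims reads the first IFD and rejects a zero, missing or oversized
// ImageWidth (tag 256) or ImageLength (tag 257) before any decoder sees b.
func checkTIFFDims(b []byte) (w, h uint32, err error) {
	if len(b) < 8 || (b[0] != 'I' && b[0] != 'M') || b[0] != b[1] {
		return 0, 0, fmt.Errorf("tiff: bad header")
	}
	var bo binary.ByteOrder = binary.LittleEndian
	if b[0] == 'M' {
		bo = binary.BigEndian
	}
	off := uint64(bo.Uint32(b[4:8]))
	if bo.Uint16(b[2:4]) != 42 || off+2 > uint64(len(b)) {
		return 0, 0, fmt.Errorf("tiff: bad magic or IFD offset")
	}
	n := uint64(bo.Uint16(b[off:]))
	if off+2+n*12 > uint64(len(b)) {
		return 0, 0, fmt.Errorf("tiff: truncated IFD")
	}
	for i := uint64(0); i < n; i++ {
		e := b[off+2+i*12:]
		v := bo.Uint32(e[8:12]) // LONG (type 4)
		if bo.Uint16(e[2:4]) == 3 { // SHORT (type 3) is left-justified
			v = uint32(bo.Uint16(e[8:10]))
		}
		if tag := bo.Uint16(e[0:2]); tag == 256 {
			w = v
		} else if tag == 257 {
			h = v
		}
	}
	if w == 0 || h == 0 || w > maxDim || h > maxDim {
		return w, h, fmt.Errorf("tiff: rejected dimensions %dx%d", w, h)
	}
	return w, h, nil
}

// sample is a constructed IFD (not a decodable image): width 0xFFFFFFFF, height 0.
var sample = []byte{'I', 'I', 42, 0, 8, 0, 0, 0, 2, 0,
	0, 1, 4, 0, 1, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, // ImageWidth, LONG, count 1
	1, 1, 4, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} // ImageLength, then next-IFD offset
func main() { fmt.Println(checkTIFFDims(sample)) }
```

The guard inspects only the first IFD, so input with further IFDs needs the same check applied to each one the application decodes.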

Labels: FrozenDueToAge, NeedsFix (The path to resolution is known, but the work has not been done.), Security
