Decoding a 0-height tiled TIFF image iterates over every horizontal pixel. A maliciously-crafted 0-height, max-width image can force 2^32 loop iterations and a substantial amount of CPU consumption.
Thanks to Philippe Antoine (Catena cyber) for reporting this issue.
This is CVE-2023-29407.
This is a PRIVATE issue for CVE-2023-29407, tracked in http://b/279483698 and fixed by http://tg/1944079.
/cc @golang/security and @golang/release
Change https://go.dev/cl/514897 mentions this issue: tiff: limit work when decoding malicious images
tiff: limit work when decoding malicious images
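A caller-side check for the 0-height, max-width case the issue describes, as an added example: this is not code from the Go project and not the fix in the linked change. The names `tiffDims`, `checkTIFF` and `maxPixels` and the sample bytes are assumptions made here; the parser reads only inline SHORT/LONG values in the first IFD and treats any other type as LONG.

```go
package main

import "encoding/binary"
import "fmt"

// Constructed samples: "II" header, IFD at offset 8, two LONG entries (tags 256, 257).
const ifdHead = "II*\x00\x08\x00\x00\x00\x02\x00\x00\x01\x04\x00\x01\x00\x00\x00"
var zeroHeight = []byte(ifdHead + "\xff\xff\xff\xff\x01\x01\x04\x00\x01\x00\x00\x00\x00\x00\x00\x00") // 4294967295x0
var ordinary = []byte(ifdHead + "\x80\x02\x00\x00\x01\x01\x04\x00\x01\x00\x00\x00\xe0\x01\x00\x00")   // 640x480

// tiffDims (hypothetical helper) reads ImageWidth (256) and ImageLength (257) from the first IFD.
func tiffDims(b []byte) (w, h uint32, ok bool) {
	if len(b) < 8 || (b[0] != 'I' && b[0] != 'M') || b[0] != b[1] {
		return 0, 0, false
	}
	var bo binary.ByteOrder = binary.LittleEndian
	if b[0] == 'M' {
		bo = binary.BigEndian
	}
	off := uint64(bo.Uint32(b[4:]))
	if bo.Uint16(b[2:]) != 42 || off+2 > uint64(len(b)) ||
		off+2+12*uint64(bo.Uint16(b[off:])) > uint64(len(b)) {
		return 0, 0, false // bad magic, or the IFD does not fit in the buffer
	}
	var dim [2]uint32
	for n, e := bo.Uint16(b[off:]), b[off+2:]; n > 0; n, e = n-1, e[12:] {
		v := bo.Uint32(e[8:]) // value field read as LONG (type 4)
		if bo.Uint16(e[2:]) == 3 {
			v = uint32(bo.Uint16(e[8:])) // SHORT (type 3) is left-justified
		}
		if tag := bo.Uint16(e); tag == 256 || tag == 257 {
			dim[tag-256] = v
		}
	}
	return dim[0], dim[1], true
}

// checkTIFF is a hypothetical pre-decode gate: refuse zero or oversized dimensions.
func checkTIFF(b []byte, maxPixels uint64) error {
	w, h, ok := tiffDims(b)
	if !ok || w == 0 || h == 0 || uint64(w)*uint64(h) > maxPixels {
		return fmt.Errorf("tiff: refusing input (parsed=%v, %dx%d)", ok, w, h)
	}
	return nil
}

func main() {
	fmt.Println(checkTIFF(zeroHeight, 1<<26), checkTIFF(ordinary, 1<<26))
}
```

A pixel-count budget alone does not catch this input, because width times a height of zero is zero; the explicit zero-dimension test is what rejects it.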