v0.10.0
neild tagged this 01 Aug 17:46 (2023-08-01T17:46:51Z)
Fix two paths by which a malicious image could cause unreasonable amounts of CPU consumption while decoding.

Avoid iterating over every horizontal pixel when decoding a 0-height tiled image.

Limit the amount of data that will be decompressed per tile.

Thanks to Philippe Antoine (Catena cyber) for reporting this issue.

Fixes CVE-2023-29407
Fixes CVE-2023-29408
Fixes golang/go#61581
Fixes golang/go#61582

Change-Id: I8cbb26fa06843c6fe9fa99810cb1315431fa7d1d
Reviewed-on: https://go-review.googlesource.com/c/image/+/514897
Reviewed-by: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Damien Neil <dneil@google.com>
Run-TryBot: Damien Neil <dneil@google.com>
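The two mitigations named in the commit message, sketched as an added example that is not the project's own code: a tile reader that refuses empty tiles before doing any per-pixel work and caps decompressed output at what the tile's dimensions allow. The names `readTile`, `deflate` and `errTileTooLarge`, the choice of zlib compression, and rejecting (rather than skipping) an empty tile are assumptions of this example.

```go
package main

import (
	"bytes"
	"compress/zlib"
	"errors"
	"fmt"
	"io"
)

var errTileTooLarge = errors.New("tile decompresses to more data than its dimensions allow")

// readTile (hypothetical helper) inflates one zlib-compressed tile, never
// producing more bytes than a tile of the declared geometry can hold.
func readTile(compressed []byte, width, height, bytesPerPixel int) ([]byte, error) {
	if width <= 0 || height <= 0 || bytesPerPixel <= 0 {
		return nil, errors.New("tile has an empty dimension") // no per-pixel loop is entered
	}
	limit := int64(width) * int64(height) * int64(bytesPerPixel)
	zr, err := zlib.NewReader(bytes.NewReader(compressed))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	// Read one byte past the limit so oversize output is detected, not silently truncated.
	data, err := io.ReadAll(io.LimitReader(zr, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(data)) > limit {
		return nil, errTileTooLarge
	}
	return data, nil
}

// deflate builds constructed sample input: n zero bytes, zlib-compressed.
func deflate(n int) []byte {
	var buf bytes.Buffer
	zw := zlib.NewWriter(&buf)
	zw.Write(make([]byte, n))
	zw.Close()
	return buf.Bytes()
}

func main() {
	_, err := readTile(deflate(1<<20), 16, 16, 1) // 1 MiB payload declared as a 16x16 tile
	fmt.Println("oversize tile:", err)
	data, err := readTile(deflate(256), 16, 16, 1)
	fmt.Println("honest tile:", len(data), "bytes, err:", err)
}
```

With the cap in place, the reader stops after 257 bytes of the 1 MiB payload, so decode cost is bounded by the declared tile size rather than by the attacker-controlled compressed stream.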