[security] Vulnerability in golang.org/x/image/tiff
506 views
Skip to first unread message
Roland Shoemaker
Feb 14, 2023, 1:24:34 PM2/14/23
to golang-...@googlegroups.com
Hello gophers,
Version v0.5.0 of golang.org/x/image fixes a vulnerability in the golang.org/x/image/tiff package which could cause a denial of service.
An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig.
This issue was discovered by OSS-Fuzz and reported to us by Philippe Antoine (Catena cyber), and is tracked as CVE-2022-41727 and https://go.dev/issue/58003.
Cheers,
Roland on behalf of the Go team
Version v0.5.0 of golang.org/x/image fixes a vulnerability in the golang.org/x/image/tiff package which could cause a denial of service.
An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig.
This issue was discovered by OSS-Fuzz and reported to us by Philippe Antoine (Catena cyber), and is tracked as CVE-2022-41727 and https://go.dev/issue/58003.
Cheers,
Roland on behalf of the Go team
Reply all
Reply to author
Forward
0 new messages