VDB

CISA-2022-41727

CISA-2022-41727 PUBLISHED

Reported by Go · Published February 28, 2023

An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.

Affected Products

VendorProductVersions
golang.org/x/imagegolang.org/x/image/tiff0
golang.org/x/imagegolang.org/x/image/tiff0, 0

Timeline

  • Feb 28, 2023 CVE Published
  • Mar 7, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›