CVE-2022-41727

Опубликовано: 28 фев. 2023

Источник: debian

EPSS Низкий

Описание

An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
golang-golang-x-image	fixed	0.5.0-1		package
golang-golang-x-image	no-dsa		bullseye	package
golang-golang-x-image	postponed		buster	package

EPSS

Процентиль: 4%

0.00017

Низкий

Связанные уязвимости

CVE-2022-41727

CVSS3: 5.5

ubuntu

около 3 лет назад

An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.

CVE-2022-41727

CVSS3: 5.5

redhat

около 3 лет назад

An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.

CVE-2022-41727

CVSS3: 5.5

nvd

около 3 лет назад

An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.

GHSA-qgc7-mgm3-q253

CVSS3: 5.5

github

около 3 лет назад

Uncontrolled Resource Consumption in golang.org/x/image

BDU:2023-07980

CVSS3: 5.5

fstec

около 3 лет назад

Уязвимость компонента DecodeConfig языка программирования Golang, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 4%

0.00017

Низкий