Описание
A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| golang-golang-x-image | fixed | 0.11.0-1 | package | |
| golang-golang-x-image | no-dsa | bookworm | package | |
| golang-golang-x-image | no-dsa | bullseye | package | |
| golang-golang-x-image | no-dsa | buster | package |
Примечания
https://go.dev/issue/61581
https://go.dev/cl/514897
https://github.com/golang/image/commit/cb227cd2c919b27c6206fe0c1041a8bcc677949d (v0.10.0)
Связанные уязвимости
A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.
A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.
A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.
Golang TIFF decoder vulnerable to excessive CPU consumption
Уязвимость декодера языка программирования Golang, связанная с чрезмерными итерациями, позволяющая нарушителю вызвать отказ в обслуживании