Описание
A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.
A flaw was found in the Golang tiff package, where it is vulnerable to a denial of service caused by an excessive iteration flaw. By persuading a victim to open a specially crafted image file, a remote attacker can cause excessive CPU consumption in decoding, resulting in a denial of service condition.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | acm-cluster-templates-operator-container | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.
A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.
A maliciously-crafted image can cause excessive CPU consumption in dec ...
Golang TIFF decoder vulnerable to excessive CPU consumption
Уязвимость декодера языка программирования Golang, связанная с чрезмерными итерациями, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
6.5 Medium
CVSS3