cvelist | Go | CVELIST:CVE-2022-41727
History: Feb 28, 2023 - 5:19 p.m.

CVE-2022-41727 Denial of service via crafted TIFF image in golang.org/x/image/tiff

2023-02-28 17:19:47
Go
www.cve.org
tiff image
golang.org
denial of service

AI Score: 5.8 (Confidence: High)

EPSS: 0.001 (Percentile: 39.6%)

An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.

CNA Affected

[
  {
    "vendor": "golang.org/x/image",
    "product": "golang.org/x/image/tiff",
    "collectionURL": "https://pkg.go.dev",
    "packageName": "golang.org/x/image/tiff",
    "versions": [
      {
        "version": "0",
        "lessThan": "0.5.0",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "programRoutines": [
      {
        "name": "decoder.ifdUint"
      },
      {
        "name": "newDecoder"
      },
      {
        "name": "Decode"
      },
      {
        "name": "DecodeConfig"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
