7 matches found
CVE-2024-24792 Panic when parsing invalid palette-color images in golang.org/x/image
Parsing a corrupt or malicious image with invalid color indices can cause a panic...
GO-2024-2937 Panic when parsing invalid palette-color images in golang.org/x/image
Parsing a corrupt or malicious image with invalid color indices can cause a panic...
Denial Of Service (DoS)
golang.org/x/image is vulnerable to Denial of Service DoS. The vulnerability exists when reader.go parses a tiled tiff image with a height of 0, and has a very large width which results in excessive CPU consumption while decoding, possibly allowing an attacker to cause an application crash or...
CVE-2023-29408 Excessive resource consumption in golang.org/x/image/tiff
The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height, and encoded size to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU...
GO-2023-1989 Excessive resource consumption in golang.org/x/image/tiff
The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height, and encoded size to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU...
GHSA-QGC7-MGM3-Q253 Uncontrolled Resource Consumption in golang.org/x/image
An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service...
Uncontrolled Resource Consumption in golang.org/x/image
An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service...