Back to bug 2228735
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Avinash Hanwate | 2023-08-03 07:05:06 UTC | CC | gparvin, njean, owatkins, pahickey, stcannon, teagle | |
| Pedro Sampaio | 2023-08-03 13:28:51 UTC | Priority | medium | low |
| Severity | medium | low | ||
| Avinash Hanwate | 2023-08-07 05:57:20 UTC | Summary | TRIAGE-CVE-2023-29407 golang.org/x/image/tiff: excessive CPU consumption in decoding | CVE-2023-29407 golang.org/x/image/tiff: excessive CPU consumption in decoding |
| Priority | low | medium | ||
| Fixed In Version | golang.org/x/image/tiff 0.10.0 | |||
| Alias | TRIAGE-CVE-2023-29407 | CVE-2023-29407 | ||
| Doc Text | Golang tiff package is vulnerable to a denial of service, caused by an excessive iteration flaw. By persuading a victim to open a specially crafted image file, a remote attacker could exploit this vulnerability to cause excessive CPU consumption in decoding, and results in a denial of service condition. | |||
| Severity | low | medium | ||
| Avinash Hanwate | 2023-08-07 05:58:01 UTC | Depends On | 2229613, 2229614 | |
| RaTasha Tillery-Smith | 2023-08-07 13:00:39 UTC | Doc Text | Golang tiff package is vulnerable to a denial of service, caused by an excessive iteration flaw. By persuading a victim to open a specially crafted image file, a remote attacker could exploit this vulnerability to cause excessive CPU consumption in decoding, and results in a denial of service condition. | A flaw was found in the Golang tiff package, which is vulnerable to a denial of service caused by an excessive iteration flaw. By persuading a victim to open a specially crafted image file, a remote attacker can cause excessive CPU consumption in decoding, resulting in a denial of service condition. |
| RaTasha Tillery-Smith | 2023-08-07 13:02:21 UTC | Doc Text | A flaw was found in the Golang tiff package, which is vulnerable to a denial of service caused by an excessive iteration flaw. By persuading a victim to open a specially crafted image file, a remote attacker can cause excessive CPU consumption in decoding, resulting in a denial of service condition. | A flaw was found in the Golang tiff package, where it is vulnerable to a denial of service caused by an excessive iteration flaw. By persuading a victim to open a specially crafted image file, a remote attacker can cause excessive CPU consumption in decoding, resulting in a denial of service condition. |
Back to bug 2228735