Back to bug 2228742

| Who | When | What | Removed | Added |
| --- | --- | --- | --- | --- |
| Avinash Hanwate | 2023-08-03 07:07:04 UTC | CC | | gparvin, njean, owatkins, pahickey, stcannon, teagle |
| Avinash Hanwate | 2023-08-03 07:10:31 UTC | Alias | CVE-2023-29408 | TRIAGE-CVE-2023-29408 |
| | | Summary | CVE-2023-29408 golang.org/x/image/tiff: TIFF decoder does not place a limit on the size of compressed tile data | TRIAGE-CVE-2023-29408 golang.org/x/image/tiff: TIFF decoder does not place a limit on the size of compressed tile data |
| Avinash Hanwate | 2023-08-07 06:02:13 UTC | Doc Text | | Golang tiff package is vulnerable to a denial of service, caused by not placing a limit on the size of compressed tile data. By persuading a victim to open a specially crafted image file, a remote attacker could exploit this vulnerability to cause excessive memory and CPU consumption in decoding, and results in a denial of service condition. |
| | | Fixed In Version | | golang.org/x/image/tiff 0.10.0 |
| | | Alias | TRIAGE-CVE-2023-29408 | CVE-2023-29408 |
| | | Summary | TRIAGE-CVE-2023-29408 golang.org/x/image/tiff: TIFF decoder does not place a limit on the size of compressed tile data | CVE-2023-29408 golang.org/x/image/tiff: TIFF decoder does not place a limit on the size of compressed tile data |
| Avinash Hanwate | 2023-08-07 06:03:18 UTC | Depends On | | 2229617, 2229618 |
| RaTasha Tillery-Smith | 2023-08-07 13:03:38 UTC | Doc Text | Golang tiff package is vulnerable to a denial of service, caused by not placing a limit on the size of compressed tile data. By persuading a victim to open a specially crafted image file, a remote attacker could exploit this vulnerability to cause excessive memory and CPU consumption in decoding, and results in a denial of service condition. | A flaw was found in the Golang tiff package, where it is vulnerable to a denial of service caused by not limiting the size of compressed tile data. By persuading a victim to open a specially crafted image file, a remote attacker can cause excessive memory and CPU consumption in decoding, resulting in a denial of service condition. |
