github.com/golang/image is vulnerable to Denial of Service (DoS) attacks. An attacker is able to consume a significant amount of memory through the DecodeConfig
component when passed a malformed TIFF image, resulting in an application crash.
github.com/golang/go/issues/58003
github.com/golang/image/commit/e6c2a4cdd539b91fd11131f9eecf9bb5087ab55f
go.dev/cl/468195
go.dev/issue/58003
groups.google.com/g/golang-announce/c/ag-FiyjlD5o
lists.fedoraproject.org/archives/list/[email protected]/message/KO54NBDUJXKAZNGCFOEYL2LKK2RQP6K6/
lists.fedoraproject.org/archives/list/[email protected]/message/XWH6Q7NVM4MV3GWFEU4PA67AWZHVFJQ2/
lists.fedoraproject.org/archives/list/[email protected]/message/XZTEP6JYILRBNDTNWTEQ5D4QUUVQBESK/
pkg.go.dev/vuln/GO-2023-1572