CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile: 47.6%
golang.org/x/image is vulnerable to Denial of Service (DoS). The vulnerability occurs when reader.go parses a tiled TIFF image that has a height of 0 and a very large width, which results in excessive CPU consumption while decoding and may allow an attacker to cause an application crash or application slowdowns.
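An added example, not code from golang.org/x/image or from this advisory: a pre-decode guard in Go that reads the width and height tags from the first TIFF IFD and refuses zero or oversized dimensions before the bytes reach a decoder. The function names and the `maxPixels` budget are assumptions chosen for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const maxPixels = 1 << 26 // assumed per-image pixel budget, not a value from the advisory
var errMalformed = errors.New("tiff: malformed header or IFD")

// tiffDims returns ImageWidth (tag 256) and ImageLength (tag 257) from the first IFD.
func tiffDims(b []byte) (w, h uint32, err error) {
	if len(b) < 8 || (string(b[:2]) != "II" && string(b[:2]) != "MM") {
		return 0, 0, errMalformed
	}
	var bo binary.ByteOrder = binary.LittleEndian
	if b[0] == 'M' {
		bo = binary.BigEndian
	}
	off := uint64(bo.Uint32(b[4:]))
	if bo.Uint16(b[2:]) != 42 || off+2 > uint64(len(b)) || off+2+12*uint64(bo.Uint16(b[off:])) > uint64(len(b)) {
		return 0, 0, errMalformed
	}
	for e, n := b[off+2:], bo.Uint16(b[off:]); n > 0; e, n = e[12:], n-1 {
		v := bo.Uint32(e[8:]) // LONG; other field types are read the same way
		if bo.Uint16(e[2:]) == 3 { // SHORT is left-justified in the value field
			v = uint32(bo.Uint16(e[8:]))
		}
		switch bo.Uint16(e) {
		case 256:
			w = v
		case 257:
			h = v
		}
	}
	return w, h, nil
}

// CheckTIFF rejects zero or oversized dimensions before the bytes reach a decoder.
func CheckTIFF(b []byte) error {
	w, h, err := tiffDims(b)
	if err == nil && (w == 0 || h == 0 || uint64(w)*uint64(h) > maxPixels) {
		err = fmt.Errorf("tiff: refusing %dx%d image", w, h)
	}
	return err
}

// Constructed sample: a header whose IFD carries no dimension tags, so both read as 0.
func main() { fmt.Println(CheckTIFF([]byte("II*\x00\x08\x00\x00\x00\x00\x00"))) }
```

A check like this is defense in depth in front of a decoder call on untrusted uploads; it does not replace updating the module.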
github.com/advisories/GHSA-j3p8-6mrq-6g7h
github.com/golang/go/issues/61581
github.com/golang/image/commit/cb227cd2c919b27c6206fe0c1041a8bcc677949d
go-review.googlesource.com/c/image/+/514897
go.dev/cl/514897
go.dev/issue/61581
lists.fedoraproject.org/archives/list/[email protected]/message/KO54NBDUJXKAZNGCFOEYL2LKK2RQP6K6/
lists.fedoraproject.org/archives/list/[email protected]/message/XWH6Q7NVM4MV3GWFEU4PA67AWZHVFJQ2/
lists.fedoraproject.org/archives/list/[email protected]/message/XZTEP6JYILRBNDTNWTEQ5D4QUUVQBESK/
pkg.go.dev/vuln/GO-2023-1990
security.netapp.com/advisory/ntap-20230831-0009/