CVE-2022-41727
Summary
| CVE | CVE-2022-41727 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2023-02-28 18:15:00 UTC |
|---|
| Updated | 2023-11-07 03:52:00 UTC |
|---|
| Description | An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| [SECURITY] Fedora 37 Update: golang-x-image-0.13.0-1.fc37 - package-announce - Fedora Mailing-Lists |
MISC |
lists.fedoraproject.org |
|
| go.dev/cl/468195 |
MISC |
go.dev |
|
| [security] Vulnerability in golang.org/x/image/tiff |
MISC |
groups.google.com |
|
| [SECURITY] Fedora 38 Update: golang-x-image-0.13.0-1.fc38 - package-announce - Fedora Mailing-Lists |
MISC |
lists.fedoraproject.org |
|
| x/image/tiff: over allocation in DecodeConfig (CVE-2022-41727) · Issue #58003 · golang/go · GitHub |
MISC |
go.dev |
|
| [SECURITY] Fedora 39 Update: golang-x-image-0.13.0-1.fc39 - package-announce - Fedora Mailing-Lists |
MISC |
lists.fedoraproject.org |
|
| GO-2023-1572 - Go Packages |
MISC |
pkg.go.dev |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 182386 Debian Security Update for golang-golang-x-image (CVE-2022-41727)
- 284634 Fedora Security Update for golang (FEDORA-2023-4d95d44e7b)
- 284635 Fedora Security Update for golang (FEDORA-2023-c862a1e289)
- 285210 Fedora Security Update for golang (FEDORA-2023-28cff1a2de)
