CVE-2023-29407
Summary
| CVE | CVE-2023-29407 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2023-08-02 20:15:00 UTC |
|---|
| Updated | 2023-11-07 04:11:00 UTC |
|---|
| Description | A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| 404 Not Found - Go Packages |
MISC |
pkg.go.dev |
|
| go.dev/cl/514897 |
MISC |
go.dev |
|
| x/image/tiff: excessive CPU consumption from no-op loop iterations [CVE-2023-29407] · Issue #61581 · golang/go · GitHub |
MISC |
go.dev |
|
| [SECURITY] Fedora 37 Update: golang-x-image-0.13.0-1.fc37 - package-announce - Fedora Mailing-Lists |
MISC |
lists.fedoraproject.org |
|
| [SECURITY] Fedora 38 Update: golang-x-image-0.13.0-1.fc38 - package-announce - Fedora Mailing-Lists |
MISC |
lists.fedoraproject.org |
|
| August 2023 Golang Vulnerabilities in NetApp Products | NetApp Product Security |
MISC |
security.netapp.com |
|
| [SECURITY] Fedora 39 Update: golang-x-image-0.13.0-1.fc39 - package-announce - Fedora Mailing-Lists |
MISC |
lists.fedoraproject.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 284634 Fedora Security Update for golang (FEDORA-2023-4d95d44e7b)
- 284635 Fedora Security Update for golang (FEDORA-2023-c862a1e289)
- 285210 Fedora Security Update for golang (FEDORA-2023-28cff1a2de)
- 995812 GO (Go) Security Update for golang.org/x/image (GHSA-j3p8-6mrq-6g7h)
