A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.
References
Link | Resource |
---|---|
https://go.dev/cl/514897 | Patch |
https://go.dev/issue/61581 | Issue Tracking Vendor Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO54NBDUJXKAZNGCFOEYL2LKK2RQP6K6/ | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWH6Q7NVM4MV3GWFEU4PA67AWZHVFJQ2/ | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZTEP6JYILRBNDTNWTEQ5D4QUUVQBESK/ | |
https://pkg.go.dev/vuln/GO-2023-1990 | Issue Tracking Patch Vendor Advisory |
https://security.netapp.com/advisory/ntap-20230831-0009/ | Third Party Advisory |
Configurations
History
03 Nov 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Nov 2023, 01:24
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fedoraproject
Fedoraproject fedora |
|
CPE | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* |
|
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWH6Q7NVM4MV3GWFEU4PA67AWZHVFJQ2/ - Mailing List, Third Party Advisory | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO54NBDUJXKAZNGCFOEYL2LKK2RQP6K6/ - Mailing List, Third Party Advisory | |
References | (MISC) https://security.netapp.com/advisory/ntap-20230831-0009/ - Third Party Advisory |
16 Oct 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Aug 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Aug 2023, 18:32
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-834 | |
CPE | cpe:2.3:a:golang:image:*:*:*:*:*:go:*:* | |
References | (MISC) https://go.dev/cl/514897 - Patch | |
References | (MISC) https://pkg.go.dev/vuln/GO-2023-1990 - Issue Tracking, Patch, Vendor Advisory | |
References | (MISC) https://go.dev/issue/61581 - Issue Tracking, Vendor Advisory | |
First Time |
Golang image
Golang |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
02 Aug 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-02 20:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-29407
Mitre link : CVE-2023-29407
CVE.ORG link : CVE-2023-29407
JSON object : View
Products Affected
golang
- image
fedoraproject
- fedora
CWE
CWE-834
Excessive Iteration