|author||Damien Neil <firstname.lastname@example.org>||Fri Jul 07 11:28:45 2023 -0700|
|committer||Gopher Robot <email@example.com>||Tue Aug 01 17:46:51 2023 +0000|
tiff: limit work when decoding malicious images Fix two paths by which a malicious image could cause unreasonable amounts of CPU consumption while decoding. Avoid iterating over every horizontal pixel when decoding a 0-height tiled image. Limit the amount of data that will be decompressed per tile. Thanks to Philippe Antoine (Catena cyber) for reporting this issue. Fixes CVE-2023-29407 Fixes CVE-2023-29408 Fixes golang/go#61581 Fixes golang/go#61582 Change-Id: I8cbb26fa06843c6fe9fa99810cb1315431fa7d1d Reviewed-on: https://go-review.googlesource.com/c/image/+/514897 Reviewed-by: Roland Shoemaker <firstname.lastname@example.org> TryBot-Result: Gopher Robot <email@example.com> Auto-Submit: Damien Neil <firstname.lastname@example.org> Run-TryBot: Damien Neil <email@example.com>
This repository holds supplementary Go image libraries.
The easiest way to install is to run
go get -u golang.org/x/image/.... You can also manually git clone the repository to
This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html.
The main issue tracker for the image repository is located at https://github.com/golang/go/issues. Prefix your issue with “x/image:” in the subject line, so it is easy to find.