data/reports/GO-2023-1572.yaml - vulndb - Git at Google

 modules:
   - module: golang.org/x/image
     versions:
       - fixed: 0.5.0
     vulnerable_at: 0.4.0
     packages:
       - package: golang.org/x/image/tiff
         symbols:
           - decoder.ifdUint
           - newDecoder
           - Decode
         derived_symbols:
           - DecodeConfig
 description: |
     An attacker can craft a malformed TIFF image which will consume a
     significant amount of memory when passed to DecodeConfig. This could
     lead to a denial of service.
 ghsas:
   - GHSA-qgc7-mgm3-q253
 credit: Philippe Antoine (Catena cyber) and OSS Fuzz
 references:
   - report: https://go.dev/issue/58003
   - fix: https://go.dev/cl/468195
   - web: https://groups.google.com/g/golang-announce/c/ag-FiyjlD5o
 cve_metadata:
     id: CVE-2022-41727
     cwe: 'CWE-400: Uncontrolled Resource Consumption'
	modules:
	- module: golang.org/x/image
	versions:
	- fixed: 0.5.0
	vulnerable_at: 0.4.0
	packages:
	- package: golang.org/x/image/tiff
	symbols:
	- decoder.ifdUint
	- newDecoder
	- Decode
	derived_symbols:
	- DecodeConfig
	description: \|
	An attacker can craft a malformed TIFF image which will consume a
	significant amount of memory when passed to DecodeConfig. This could
	lead to a denial of service.
	ghsas:
	- GHSA-qgc7-mgm3-q253
	credit: Philippe Antoine (Catena cyber) and OSS Fuzz
	references:
	- report: https://go.dev/issue/58003
	- fix: https://go.dev/cl/468195
	- web: https://groups.google.com/g/golang-announce/c/ag-FiyjlD5o
	cve_metadata:
	id: CVE-2022-41727
	cwe: 'CWE-400: Uncontrolled Resource Consumption'