Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2023-29408
PUBLISHED
More InfoOfficial Page
Assigner-Go
Assigner Org ID-1bb62c36-49e3-4200-9d77-64a1400537cc
View Known Exploited Vulnerability (KEV) details
Published At-02 Aug, 2023 | 19:52
Updated At-13 Feb, 2025 | 16:49
Rejected At-
▼CVE Numbering Authority (CNA)
Excessive resource consumption in golang.org/x/image/tiff

The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU.

Affected Products
Vendor
golang.org/x/image
Product
golang.org/x/image/tiff
Collection URL
https://pkg.go.dev
Package Name
golang.org/x/image/tiff
Program Routines
  • newDecoder
  • Decode
  • DecodeConfig
Default Status
unaffected
Versions
Affected
  • From 0 before 0.10.0 (semver)
Problem Types
TypeCWE IDDescription
N/AN/ACWE-770: Allocation of Resources Without Limits or Throttling
Type: N/A
CWE ID: N/A
Description: CWE-770: Allocation of Resources Without Limits or Throttling
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Philippe Antoine (Catena cyber)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://go.dev/issue/61582
N/A
https://go.dev/cl/514897
N/A
https://pkg.go.dev/vuln/GO-2023-1989
N/A
https://security.netapp.com/advisory/ntap-20230831-0009/
N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO54NBDUJXKAZNGCFOEYL2LKK2RQP6K6/
N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWH6Q7NVM4MV3GWFEU4PA67AWZHVFJQ2/
N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZTEP6JYILRBNDTNWTEQ5D4QUUVQBESK/
N/A
Hyperlink: https://go.dev/issue/61582
Resource: N/A
Hyperlink: https://go.dev/cl/514897
Resource: N/A
Hyperlink: https://pkg.go.dev/vuln/GO-2023-1989
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20230831-0009/
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO54NBDUJXKAZNGCFOEYL2LKK2RQP6K6/
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWH6Q7NVM4MV3GWFEU4PA67AWZHVFJQ2/
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZTEP6JYILRBNDTNWTEQ5D4QUUVQBESK/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://go.dev/issue/61582
x_transferred
https://go.dev/cl/514897
x_transferred
https://pkg.go.dev/vuln/GO-2023-1989
x_transferred
https://security.netapp.com/advisory/ntap-20230831-0009/
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO54NBDUJXKAZNGCFOEYL2LKK2RQP6K6/
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWH6Q7NVM4MV3GWFEU4PA67AWZHVFJQ2/
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZTEP6JYILRBNDTNWTEQ5D4QUUVQBESK/
x_transferred
Hyperlink: https://go.dev/issue/61582
Resource:
x_transferred
Hyperlink: https://go.dev/cl/514897
Resource:
x_transferred
Hyperlink: https://pkg.go.dev/vuln/GO-2023-1989
Resource:
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20230831-0009/
Resource:
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO54NBDUJXKAZNGCFOEYL2LKK2RQP6K6/
Resource:
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWH6Q7NVM4MV3GWFEU4PA67AWZHVFJQ2/
Resource:
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZTEP6JYILRBNDTNWTEQ5D4QUUVQBESK/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found