An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.

Affected Packages

Go golang.org/x/image

Affected versions: 0 (fixed in 0.5.0)

Related CVEs

CVE-2022-41727

Key Information

GHSA ID

GHSA-qgc7-mgm3-q253

Published

February 17, 2023 1:59 PM

Last Modified

May 20, 2024 9:46 PM

CVSS Score

5.0 /10

Primary Ecosystem

Primary Package

golang.org/x/image

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 19, 2025 6:27 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.