Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-x92r-3vfx-4cv3

GitHub Security Advisory

Golang TIFF decoder does not place a limit on the size of compressed tile data

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU.

Affected Packages

Go golang.org/x/image
Affected versions: 0 (fixed in 0.10.0)

Related CVEs

CVE-2023-29408

Key Information

GHSA ID
GHSA-x92r-3vfx-4cv3
Published
August 2, 2023 9:30 PM
Last Modified
May 20, 2024 9:54 PM
CVSS Score
5.0 /10
Primary Ecosystem
Go
Primary Package
golang.org/x/image
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 19, 2025 6:27 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.