GHSA-q675-qj96-32m9HighCVSS 7.5
golang.org/x/image/tiff has excessive resource consumption in PackBits decompression
🔗 CVE IDs covered (1)
📋 Description
The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height and encoded size) to make the decoder decode large amounts of compressed data.
🎯 Affected products1
- go/golang.org/x/image:< 0.41.0