{"id":"GO-2023-1990","summary":"Excessive CPU consumption when decoding 0-height images in golang.org/x/image/tiff","details":"A maliciously-crafted image can cause excessive CPU consumption in decoding.\n\nA tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.","aliases":["CVE-2023-29407","GHSA-j3p8-6mrq-6g7h"],"modified":"2024-05-20T16:03:47Z","published":"2023-08-02T15:06:21Z","database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2023-1990"},"references":[{"type":"REPORT","url":"https://go.dev/issue/61581"},{"type":"FIX","url":"https://go.dev/cl/514897"}],"affected":[{"package":{"name":"golang.org/x/image","ecosystem":"Go","purl":"pkg:golang/golang.org/x/image"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.10.0"}]}],"ecosystem_specific":{"imports":[{"symbols":["Decode","DecodeConfig","newDecoder"],"path":"golang.org/x/image/tiff"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2023-1990.json"}}],"schema_version":"1.7.3","credits":[{"name":"Philippe Antoine (Catena cyber)"}]}