CVE-2022-41727
MEDIUM
Go TIFF Decoder - Denial of Service via Malformed Image
Title source: llm
Description
An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.
References (7)
Core References
Patch
https://go.dev/cl/468195
Issue Tracking
https://go.dev/issue/58003
Mailing List, Vendor Advisory
https://groups.google.com/g/golang-announce/c/ag-FiyjlD5o
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/KO54NBDUJXKAZNGCFOEYL2LKK2RQP6K6/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/XWH6Q7NVM4MV3GWFEU4PA67AWZHVFJQ2/
Vendor Advisory
https://pkg.go.dev/vuln/GO-2023-1572
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/XZTEP6JYILRBNDTNWTEQ5D4QUUVQBESK/
Scores
CVSS v3
5.5
EPSS
0.0002
EPSS Percentile
4.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-770
Status
published
Products (5)
fedoraproject/fedora
37
fedoraproject/fedora
38
golang/image
< 0.5.0
golang/tiff
x/image
0 - 0.5.0
Go
Published
Feb 28, 2023
Tracked Since
Feb 18, 2026