GoLang Image

By the Year

In 2024 there have been 0 vulnerabilities in GoLang Image. Last year Image had 3 security vulnerabilities published. Right now, Image is on track to have fewer security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 3 6.17
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Image vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent GoLang Image Security Vulnerabilities

The TIFF decoder does not place a limit on the size of compressed tile data

CVE-2023-29408 6.5 - Medium - August 02, 2023

The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU.

Allocation of Resources Without Limits or Throttling

A maliciously-crafted image can cause excessive CPU consumption in decoding

CVE-2023-29407 6.5 - Medium - August 02, 2023

A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.

Excessive Iteration

An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig

CVE-2022-41727 5.5 - Medium - February 28, 2023

An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.

Allocation of Resources Without Limits or Throttling
