Go TIFF DecodeConfig Mem Exhaustion DoS
CVE-2022-41727 Published on February 28, 2023
Denial of service via crafted TIFF image in golang.org/x/image/tiff
An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.
Affected Versions
golang.org/x/image/tiff: versions before 0.5.0 are affected.
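To check a project against the version bound above, the following added example (not code from the advisory or from the Go project) scans go.mod text for a requirement on golang.org/x/image, the module that contains the tiff package, and reports versions that sort before 0.5.0. The function names and the sample go.mod are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Module that ships the tiff package named in the advisory.
const modulePath = "golang.org/x/image"

// affected reports whether v sorts before 0.5.0, the bound the advisory gives.
func affected(v string) (bool, error) {
	var maj, min, pat int
	if _, err := fmt.Sscanf(v, "v%d.%d.%d", &maj, &min, &pat); err != nil {
		return false, fmt.Errorf("unexpected version %q", v)
	}
	core, _, _ := strings.Cut(v, "+")  // drop build metadata
	pre := strings.Contains(core, "-") // pre-release or pseudo-version suffix
	return maj == 0 && (min < 5 || (min == 5 && pat == 0 && pre)), nil
}

// scan returns the affected versions of modulePath required in go.mod text.
// Replace directives are skipped, not resolved.
func scan(gomod string) ([]string, error) {
	var hits []string
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // strip comments such as "// indirect"
		f := strings.Fields(line)
		if len(f) > 0 && f[0] == "require" {
			f = f[1:]
		}
		if len(f) != 2 || f[0] != modulePath {
			continue
		}
		bad, err := affected(f[1])
		if err != nil {
			return nil, err
		}
		if bad {
			hits = append(hits, f[1])
		}
	}
	return hits, nil
}

func main() {
	// Constructed sample go.mod, not taken from a real project.
	sample := "module example.com/app\n\nrequire (\n\tgolang.org/x/image v0.3.0 // indirect\n\tgolang.org/x/text v0.4.0\n)\n"
	fmt.Println(scan(sample))
}
```

A pre-release of 0.5.0 itself is reported as affected because it sorts before 0.5.0 under semantic versioning.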
Exploit Probability
EPSS: 0.03%
Percentile: 8.38%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.