CPU DoS via Malformed Tiled Image (Height=0) in Decoder
CVE-2023-29407 Published on August 2, 2023

Excessive CPU consumption when decoding 0-height images in golang.org/x/image/tiff
A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.

NVD

Products Associated with CVE-2023-29407

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-29407 are published in these products:

GoLang Image

Fedora Project Fedora

Oracle

Affected Versions

golang.org/x/image/tiff:

Before 0.10.0 is affected.

Exploit Probability

EPSS

0.24%

Percentile

47.18%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CPU DoS via Malformed Tiled Image (Height=0) in DecoderCVE-2023-29407 Published on August 2, 2023

Products Associated with CVE-2023-29407

Affected Versions

Exploit Probability

CPU DoS via Malformed Tiled Image (Height=0) in Decoder
CVE-2023-29407 Published on August 2, 2023