x/image/tiff: excessive CPU consumption from no-op loop iterations [CVE-2023-29407]

golang / go

The Go programming language

https://go.dev

BSD 3-Clause "New" or "Revised" License

121.18k stars 17.37k forks source link

x/image/tiff: excessive CPU consumption from no-op loop iterations [CVE-2023-29407] #61581

Closed neild closed 11 months ago

neild commented 11 months ago

Decoding a 0-height tiled TIFF image iterates over every horizontal pixel. A maliciously-crafted 0-height, max-width image can force 2^32 loop iterations and a substantial amount of CPU consumption.

Thanks to Philippe Antoine (Catena cyber) for reporting this issue.

This is CVE-2023-29407.

This is a PRIVATE issue for CVE-2023-29407, tracked in http://b/279483698 and fixed by http://tg/1944079.

/cc @golang/security and @golang/release

gopherbot commented 11 months ago

Change https://go.dev/cl/514897 mentions this issue: tiff: limit work when decoding malicious images