The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encodes size) make the decoder decode large amounts of compressed data, consuming excessive memory and CPU.
Thanks to Philippe Antoine (Catena cyber) for reporting this issue.
The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encodes size) make the decoder decode large amounts of compressed data, consuming excessive memory and CPU.
Thanks to Philippe Antoine (Catena cyber) for reporting this issue.
This is CVE-2023-29408.
This is a PRIVATE issue for CVE-2023-29408, tracked in http://b/279482083 and fixed by http://tg/1944079.
/cc @golang/security and @golang/release