pion / example-webrtc-applications

Examples of WebRTC applications that are large, or use 3rd party libraries
https://pion.ly/
MIT License
1.03k stars, 243 forks

Update module golang.org/x/image to v0.10.0 [SECURITY] - autoclosed #146

Closed renovate[bot] closed 8 months ago

renovate[bot] commented 8 months ago

This PR contains the following updates:

| Package | Change |
|---|---|
| golang.org/x/image | v0.0.0-20210628002857-a66eb6448b8d -> v0.10.0 |

GitHub Vulnerability Alerts

CVE-2022-41727

An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.

CVE-2023-29407

A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.

CVE-2023-29408

The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU.


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate.
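The advisories above describe resource exhaustion driven by image dimensions, including a height of 0 with a very large width. The Go code below is an added example, not code from this PR, pion or golang.org/x/image: a pre-decode guard that bounds the encoded size and checks each dimension separately. The limits and the names `CheckConfig` and `GuardedDecode` are assumptions, PNG stands in for TIFF so it runs with the standard library only, and it is defence in depth beside the upgrade to v0.10.0, since CVE-2022-41727 affects `DecodeConfig` itself.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"image"
	_ "image/png" // stand-in format; a TIFF service would register golang.org/x/image/tiff
	"io"
)

// Constructed sample limits (assumptions), not values from golang.org/x/image.
const (
	maxEncodedBytes = 8 << 20  // bytes accepted from the untrusted source
	maxDimension    = 16384    // cap applied to width and height separately
	maxPixels       = 64 << 20 // cap on width*height
)
var ErrDimensions = errors.New("image dimensions rejected")
// CheckConfig validates each dimension on its own: a product-only check
// accepts height 0 with a huge width, because width*height is 0.
func CheckConfig(cfg image.Config) error {
	w, h := int64(cfg.Width), int64(cfg.Height)
	if w <= 0 || h <= 0 || w > maxDimension || h > maxDimension || w*h > maxPixels {
		return fmt.Errorf("%w: %dx%d", ErrDimensions, w, h)
	}
	return nil
}

// GuardedDecode bounds the encoded size, checks the header, then decodes.
func GuardedDecode(r io.Reader) (image.Image, error) {
	data, err := io.ReadAll(io.LimitReader(r, maxEncodedBytes+1))
	if err != nil {
		return nil, err
	}
	if len(data) > maxEncodedBytes {
		return nil, errors.New("encoded image too large")
	}
	cfg, _, err := image.DecodeConfig(bytes.NewReader(data))
	if err != nil {
		return nil, err
	}
	if err := CheckConfig(cfg); err != nil {
		return nil, err
	}
	img, _, err := image.Decode(bytes.NewReader(data))
	return img, err
}

func main() { fmt.Println(CheckConfig(image.Config{Width: 1 << 30, Height: 0})) }
```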