PT-2023-6962 · Golang+3
Philippe Antoine · Published 2023-08-02 · Updated 2025-06-20 · CVE-2023-29408
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Golang (affected versions not specified)
TIFF decoder (affected versions not specified)
Description
The issue is in the decoding of large amounts of compressed data, which can consume excessive memory and CPU. A maliciously crafted image that is itself small can make the decoder decode large amounts of compressed data, leading to a denial of service. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.
Recommendations
For Golang, consider restricting the use of the TIFF decoder until a patch is available.
For the TIFF decoder, as a temporary workaround, consider limiting the size of compressed tile data to prevent excessive memory and CPU consumption.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
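One way to apply the tile-size workaround in calling code, as an added example that is not taken from the advisory or from the Go project: it assumes Deflate-compressed tiles and reads the workaround as capping each tile's inflated output at what its declared dimensions can hold. `InflateTile`, `ErrTileTooLarge` and the two policy limits are hypothetical names and values.

```go
package main

import (
	"bytes"
	"compress/zlib"
	"errors"
	"fmt"
	"io"
)

// ErrTileTooLarge reports a tile that inflates past what its dimensions can hold.
var ErrTileTooLarge = errors.New("tile inflates beyond its declared dimensions")

// Assumed policy limits for this example; they are not values from the advisory.
const maxTilePixels, maxBytesPerPixel = 1 << 24, 16

// InflateTile decompresses one zlib (TIFF Deflate) tile under a fixed output budget.
func InflateTile(compressed []byte, width, height, bytesPerPixel int) ([]byte, error) {
	if width <= 0 || height <= 0 || bytesPerPixel <= 0 ||
		bytesPerPixel > maxBytesPerPixel || width > maxTilePixels/height {
		return nil, errors.New("tile dimensions out of range")
	}
	want := int64(width) * int64(height) * int64(bytesPerPixel)
	zr, err := zlib.NewReader(bytes.NewReader(compressed))
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	// Read one byte past the budget so an oversized stream is detected
	// without ever holding more than want+1 bytes in memory.
	out, err := io.ReadAll(io.LimitReader(zr, want+1))
	if err != nil {
		return nil, err
	}
	if int64(len(out)) > want {
		return nil, ErrTileTooLarge
	}
	return out, nil
}

// deflate builds constructed sample input: n zero bytes, zlib-compressed.
func deflate(n int) []byte {
	var buf bytes.Buffer
	zw := zlib.NewWriter(&buf)
	zw.Write(make([]byte, n))
	zw.Close()
	return buf.Bytes()
}

func main() { // 8 MiB of data behind a 16x16, 1 byte-per-pixel tile is rejected
	fmt.Println(InflateTile(deflate(8<<20), 16, 16, 1))
}
```

The same budget applies to any other compression scheme: derive the limit from the tile geometry before decompressing, never from the stream itself.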
Weakness Enumeration
Allocation of Resources Without Limits
Related Identifiers
Affected Products
Debian
Golang
Red Os
Tiff Decoder