Excessive Iteration

CVE-2023-29407

Medium

6.5/10

Summary

A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of `0` and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero. This vulnerability affects golang.org/x/image package versions prior to 0.10.0. This has the same fix as CVE-2023-29408.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-834 - Excessive Iteration

The software performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

References

Advisory
Advisory
Issue
Release Note

Advisory Timeline

Published Aug 02, 2023

Excessive Iteration

CVE-2023-29407

Summary

CWE-834 - Excessive Iteration

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS