CVE-2023-29407: Excessive Iteration

August 2, 2023 (updated November 7, 2023)

A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.

References

go.dev/cl/514897
go.dev/issue/61581
nvd.nist.gov/vuln/detail/CVE-2023-29407
pkg.go.dev/vuln/GO-2023-1990

Code Behaviors & Features

Detect and mitigate CVE-2023-29407 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →