GMS-2023-417: Uncontrolled Resource Consumption

February 17, 2023

An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.

References

github.com/advisories/GHSA-qgc7-mgm3-q253
go.dev/cl/468195
go.dev/issue/58003
groups.google.com/g/golang-announce/c/ag-FiyjlD5o
nvd.nist.gov/vuln/detail/CVE-2022-41727
pkg.go.dev/vuln/GO-2023-1572

Code Behaviors & Features

Detect and mitigate GMS-2023-417 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →