Hello gophers, Version v0.5.0 of golang.org/x/image fixes a vulnerability in the golang.org/x/image/tiff package which could cause a denial of service.
An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This issue was discovered by OSS-Fuzz and reported to us by Philippe Antoine (Catena cyber), and is tracked as CVE-2022-41727 and https://go.dev/issue/58003. Cheers, Roland on behalf of the Go team -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/CADAOFNQ6TWRQkTOwFxOQPdBMuyFg7%2B0W1F8F-NbYiV7bNMZ%2BmQ%40mail.gmail.com.
